
> Unfortunately, as of writing, SameSite cookies are available only in Chrome and Opera, so you may want to ignore them for now.

IIRC, the SameSite attribute is simply ignored by unsupported browsers. Is there any downside to setting it?



I thought the same and I don't think there's a downside. I've been setting SameSite=strict for the session cookie in a B2B app for about a year and no one has complained. It's silently ignored by IE10 and Firefox, at least.



