Comment by bitbasher

Comment by bitbasher 2 months ago

My experience with SameSite equal to None was to move it to Lax. Why? Because when a link in an email client is clicked and opens a site, the cookies are not sent.

For example, you sign up to a website (A). You get a verify email sent to your inbox. You open your inbox (site B) and click the link. The link opens (A) but you're not logged in automatically upon verification; you get logged out because the cookie wasn't sent (since you're coming from B).

It was quite disruptive to basic flows.
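
Added example, not part of the comment above: a simplified model of the SameSite send rules in the cookie specification draft (RFC 6265bis), applied to the email-link flow from webmail site B to site A. The site names, the request shape and the function names are constructed for illustration, and the model covers only explicitly set attribute values.

```javascript
// Simplified model of the SameSite send decision (added example).
// Request shape and site names are constructed for illustration.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(cookie, request) {
  // Same-site requests always carry the cookie, whatever the attribute says.
  if (request.initiatorSite === request.targetSite) return true;

  switch (cookie.sameSite) {
    case "None":
      // Sent on every cross-site request, but only accepted together with Secure.
      return cookie.secure === true;
    case "Lax":
      // Sent only when the top-level page is navigated with a safe method.
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    case "Strict":
      // Never sent when the request is initiated from another site.
      return false;
    default:
      throw new Error(`unmodelled SameSite value: ${cookie.sameSite}`);
  }
}

// Constructed requests: mail.example is site B (webmail), app.example is site A.
const fromMail = { initiatorSite: "mail.example", targetSite: "app.example" };
const REQUESTS = {
  emailLinkClick: { ...fromMail, topLevelNavigation: true, method: "GET" },
  crossSitePost: { ...fromMail, topLevelNavigation: true, method: "POST" },
  embeddedImage: { ...fromMail, topLevelNavigation: false, method: "GET" },
};

// Build a table of attribute value versus request kind for a Secure cookie.
function sendMatrix() {
  const matrix = {};
  for (const sameSite of ["None", "Lax", "Strict"]) {
    matrix[sameSite] = {};
    for (const [name, request] of Object.entries(REQUESTS)) {
      matrix[sameSite][name] = cookieIsSent({ sameSite, secure: true }, request);
    }
  }
  return matrix;
}

console.table(sendMatrix());
```

The `emailLinkClick` column is the verification flow: a session cookie that must survive that click cannot be `Strict`, while `Lax` still withholds it from cross-site POSTs and embedded subresources.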