Introduction
First of all, I will introduce cookies.
Cookies are stored in the browser. A cookie is attached to an HTTP web request and sent to the server using the Set-Cookie HTTP request header. This mechanism is involved in security vulnerabilities such as Cross-Site Request Forgery (CSRF) attacks and Cross-Site Script Inclusion (XSSI).
Now we come to the SameSite cookie
SameSite cookies were introduced in Google Chrome version 5.1. SameSite cookies are the latest technology for determining how first-party and third-party cookies are handled. SameSite reduces exposure through its structure in the Set-Cookie header. Browsers can either allow or block such cookies depending on the attribute. The main goal of SameSite is to reduce the risk from cross-site request forgery attacks.
The attributes of SameSite cookies
SameSite cookies accept three values.
1. Lax - The cookie is sent only in a first-party context and with HTTP GET requests. When a user navigates to URL from, its calls to load images or iframes. Attribute syntax: Set-Cookie: key=value; SameSite=Lax
2. Strict - The cookie is sent only in a first-party context; it is allowed only when the request originates from the site that set the cookie. If we send the request from another URL, the cookie is not allowed under this attribute. Attribute syntax: Set-Cookie: key=value; SameSite=Strict
3. None - The cookie is sent in both first-party and third-party contexts. This is the most usable value when we need cross-site cookies. Attribute syntax: Set-Cookie: key=value; SameSite=None
Note: when we do not define any SameSite attribute, the browser by default applies SameSite=Lax.
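The three values and the Lax default described above can be checked mechanically. The following Python sketch is an added example, not code from the original post; the function names (parse_set_cookie, is_sent, audit) and the sample header values are constructed for illustration, and the Secure requirement for SameSite=None reflects current browser behaviour rather than anything stated in the post.

```python
def parse_set_cookie(header_value):
    """Return the cookie name, its effective SameSite mode and the Secure flag."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    declared = attrs.get("samesite")
    # Missing SameSite falls back to the Lax default from the note above.
    # Treating an unrecognised value the same way is an assumption of this sketch.
    mode = declared if declared in ("strict", "lax", "none") else "lax"
    return {"name": first.partition("=")[0], "samesite": mode,
            "explicit": declared is not None, "secure": "secure" in attrs}


def is_sent(cookie, same_site, method="GET", top_level_navigation=False):
    """Decide whether a browser would attach the cookie to a request."""
    if same_site:                        # first-party context: every mode is sent
        return True
    if cookie["samesite"] == "strict":   # never sent on cross-site requests
        return False
    if cookie["samesite"] == "lax":      # cross-site: GET navigations only,
        return method.upper() == "GET" and top_level_navigation  # not images/iframes
    return True                          # none: first- and third-party contexts


def audit(header_value):
    """List findings for one Set-Cookie header value."""
    cookie = parse_set_cookie(header_value)
    findings = []
    if not cookie["explicit"]:
        findings.append("SameSite not set; browser default (Lax) applies")
    if cookie["samesite"] == "none" and not cookie["secure"]:
        findings.append("SameSite=None without Secure; modern browsers reject this cookie")
    return findings


# Constructed sample Set-Cookie values (not taken from any real site).
SAMPLES = [
    "session=abc123; Path=/; HttpOnly",
    "session=abc123; SameSite=Strict; Secure",
    "track=1; SameSite=None",
]

if __name__ == "__main__":
    for value in SAMPLES:
        cookie = parse_set_cookie(value)
        # A cross-site POST is the classic CSRF request shape.
        csrf_post = is_sent(cookie, same_site=False, method="POST", top_level_navigation=True)
        print(cookie["name"], cookie["samesite"], "sent on cross-site POST:", csrf_post, audit(value))
```
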
Conclusion
Nowadays, many types of attacks are carried out against sites, such as Cross-Site Request Forgery (CSRF) attacks and Cross-Site Script Inclusion (XSSI). To prevent such attacks, we use the SameSite cookie attribute to secure our site with another level of security.
Thanks.