FAQ: Are ArcGIS products prepared for the Chrome cross-site cookie update?

Question

Are ArcGIS products prepared for the Chrome cross-site cookie update?

Answer

When loading a website, the following message may be seen in the Chrome Developer Tools console tab:

"A cookie associated with a cross-site resource at <Website> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies..."

ArcGIS products are prepared for this change.

The Chrome update only affects scenarios where ArcGIS web applications are embedded in a parent application that is deployed on a non-arcgis.com domain. This is a common workflow with Hub site applications, and cookies relevant to this workflow were addressed in the December ArcGIS Online update. 

Related Information

• Cookies default to SameSite=Lax
• Reject insecure SameSite=None cookies
• SameSite cookies explained