Analytics: Cookie writer to support custom SameSite value

[zhouyx]

@ryanashcraft @pierre-b @leazus @misteryeo @colmsnowplow
Please let us know if there's request to change the SameSite value when setting cookie using the AMP provided cookie writing feature. Thanks.

[pierre-b]

Hi @zhouyx , thanks for asking, we don't need this feature at the moment. We use the AMP cookie to persist the AMP cid until the user exits the Google CDN and lands on the real domain with the linker (cid in URL).

[zhouyx]

Thank you @pierre-b

All, I'm going to label this issue P2 for now. But please do let us know if this feature is important for your business. We can prioritize it with the Chrome 80 launch approaching. Thanks.

[colmsnowplow]

Thanks for asking @zhouyx , and apologies for late response.

We've instrumented our design around avoiding dependence on cookies for user identification as far as possible. As long as the AMP client ID is reliable, we're all good!

[leazus]

Hi @zhouyx,
Sorry for the late response, and of course thank you for asking!
Currently, we don't need to apply the sameSite attribute for the AMP cookie (we use the CID and linker to pass it as a URL param)

[zhouyx]

Thank you all for the response. That's also what I heard from Google Analytics. Given the feedback setting the priority to P3.

[gui-poa]

Hi, all. I don't know if I am in the right issue.

I need to add cookieFlags with "secure;samesite=none" on AMP pages, because I have an iframe on a 3d party domain that should read the GA cookie from the first party domain. This stopped to work recently. (mid august)

Is it possible to add this attribute currently? It did not work when I added on "vars".

Thanks!

[zhouyx]

Hi @gui-poa Thanks for reaching out.

We haven't added the sameSite and secure option to the cookieWriter config because there was no request to that. I think we should add that. Do you think if you can help with the code change? Let me know. Thanks!

[gui-poa]

Hi, @zhouyx . Thanks for your reply! Unfortunately I do not have enough knowledge to help here.

Do you think it can be placed as p1? The regular version already supports Cookie Flags and we are currently without coverage of these flags for AMP, generating loss of data.

[zhouyx]

Understood. I can placed the issue as a P1. But I can't guarantee a timeline for this item. I'll pick it up asap. In the meantime, I'm more than happy to help if anyone could help with the code change.