Does anyone know if s2Member (and Pro) use cookies that would be in conflict with the new Same Site cookie functionality that will be introduced in Chrome 80 in February?
And if so, is there an easy workaround for non-programmer types?
s2Member and Chrome 80's new Same Site cookies
Just to follow up my own post, apparently the answer to the first question is yes. I use PayPal with s2Member, and when I view my site’s sign-up page where people create profiles and enter their payment information, I get multiple warnings in the Chrome Console about cookies related to PayPal that are being set without the SameSite attribute.
Is it possible to add the SameSite attribute somewhere in s2Member’s code?
I’m not sure how serious of an issue this is at the moment. Seems like every website I visit throws up Console warnings about cookies being set without the SameSite attribute.
Am I really the only one who’s concerned about this? If Chrome 80 starts blocking third-party cookies without the proper Same Site and Secure attributes, which it will beginning the week of Feb 17, will s2Member (and more specifically s2Member Pro) still be able to handle payments?
I’ve seen this reported elsewhere as a problem on PayPal’s side:
If it’s related to your loading the paypal button, perhaps you’ll need to host your own button. But, you’ll likely have to create your own custom template as explained here:
You can download some buttons from paypal’s site:
https://developer.paypal.com/docs/archive/checkout/how-to/customize-button/
Actually, I have been testing my site against the upcoming SameSite cookies behaviour using the method described in the link below and I have not encountered any problems with s2Member. I tried a few test payments and everything worked as normal.
Chrome is warning that some cookies from PayPal are now being blocked due to the SameSite issue, but it does not seem to have any negative effect.
PayPal has released a statement on their Status Page saying that they do not expect the SameSite cookie behavior to have any impact.
I believe this is now causing an issue on the stripe pro forms for those that use cloudflare. I’m not sure if anyone has come up with a workaround?
My understanding is that these cookies need to be set correctly at the source. So Stripe, PayPal and others are the ones responsible for making the necessary changes. And none of them seem overly concerned about it. Even Google is still using cookies without the SameSite attribute.