Cookie SameSite Attribute

What are first-party and third-party cookies?

• Cookies that match the domain of the current site, i.e. what’s displayed in the browser’s address bar, are referred to as first-party cookies.
• Cookies from domains other than the current site are referred to as third-party cookies.

SameSite attribute

• Strict: If you set SameSite to Strict, your cookie will only be sent in a first-party context. In user terms, the cookie will only be sent if the site for the cookie matches the site currently shown in the browser’s URL bar.
• Lax: When you set a cookie’ SameSite attribute to Lax, the cookie will be sent along with the GET request initiated by third party website.
  The important point here is that, to send a cookie with a GET request, GET request being made must cause a top level navigation. Only in this way, the cookie set as LAX will be sent.