SameSite cookie behavior in Google Chrome 84 and 91 can cause problems in Sage 300

Summary

SameSite cookie behavior in Google Chrome 84 and 91 can cause problems in Sage 300

Description

Cause

Resolution

FAQs:

Q: What is the change to SameSite cookie behavior?

A: The Chrome 84 stable release from July 14, 2020 includes a change to cross-domain cookie behavior. The change protects against some classes of cross-site request forgery attacks.

On August 11, 2020, a further change was made to enforce use of SameSite=None-requires-Secure behavior.

Q: What problems are caused by the change to SameSite cookie behavior?

A: The following problems are caused by the change:

  • In Sage 300 2021, you cannot sign in to web screens.
  • You cannot process credit card payments using the Sage 300 Payment Processing program.
  • If you have Sage 300 integrated with Sage CRM, the integration will not work if Sage CRM and Sage 300 are located on different servers or sites.

Q: How do I fix these problems?

A: Install a fix for Sage 300, in one of the following ways:

  • Install Sage 300 2021.0, 2020.3, or 2019.6. (These product versions include fixes for the problems mentioned above.)
  • If you use Sage 300 2020.2, a hotfix is available for the Sage CRM integration problem. You can download this hotfix from Knowledgebase article 106350.

To fix the problems with Payment Processing and Sage CRM integration, an additional step is required. For the sites where you have Sage 300 and Sage CRM, you must set up each site to use SSL.

Q: Is there a workaround if I don’t want to use SSL for my Sage 300 and Sage CRM sites?

A: Yes. You can disable the SameSite flags in your browser:

  1. Open your browser and go to:
  • In Google Chrome: Chrome://flags
  • In Microsoft Edge: Edge://flags
  • In Mozilla Firefox: about:config
  1. Disable SameSite flags as follows:
  • In Chrome or Edge, search for the following flags and set them to Disable:
    • SameSite by default cookies
    • Cookies without SameSite must be secure
  • In Firefox, search for the following flags and set them to False:
    • network.cookie.sameSite.laxByDefault
    • network.cookie.sameSite.noneRequiresSecure
  1. Click Relaunch.

Q: What if I use Microsoft Edge or Mozilla Firefox as my browser?

A: As of August 24, 2020, this change does not affect Edge or Firefox. However, this change will likely soon be made in these browsers, which is why we’ve included some information about them in the preceding question.

For more information about when this change may be made for Edge, see the following document from Microsoft:

https://docs.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes

Q: Is there more information available about SameSite cookie behavior?

A: Yes. See the following documents from Google:

https://www.chromestatus.com/feature/5088147346030592

https://www.chromium.org/updates/same-site

https://sites.google.com/a/chromium.org/dev/updates/same-site/faq

Q: Do I need to update my Windows operating system?

A: Yes. To find Windows updates that support SameSite cookies, see Microsoft article

https://docs.microsoft.com/en-us/aspnet/samesite/kbs-samesite

Defect ID

43079

Solution Properties

Solution ID
220924560106348
Last Modified Date
Thu Jul 08 13:01:27 UTC 2021
Views
0