Chrome changed the default cross-domain (SameSite) behavior of cookies coinciding with the stable release of Chrome 84 on July 14, 2020, with enforcement enabled for Chrome 80+. The SameSite attribute on a cookie controls its cross-domain behavior. If no SameSite attribute is specified, Chrome 84 sets cookies as SameSite=Lax by default. After the Chrome 84 release, developers can opt in to unrestricted use by explicitly setting SameSite=None; Secure.
The SameSite changes coincide with the stable release of Chrome 84 on July 14, 2020, with enforcement enabled for Chrome 80+. If you prepared your org for Google's initial rollout in February 2020, no further action is needed.
To prepare for Google Chrome's SameSite cookie enforcement, Salesforce orgs must require HTTPS connections, update custom integrations that rely on cookies for cross-domain communication, and explicitly set the SameSite=None; Secure attribute on cookies used cross-domain.
These SameSite changes may require you to make changes in your org:
1. Use HTTPS instead of HTTP
To require HTTPS access in your org, ensure that the following Session Settings in Setup are enabled. From Setup, enter Session Settings in the Quick Find box, then select Session Settings.
2. Test custom Salesforce integrations that rely on cookies
Before the Chrome 84 release, test any custom integrations that rely on cookies. If you find regressions, update the SameSite attribute on cookies used for cross-domain communication to explicitly set SameSite=None; Secure.
Salesforce updated the SameSite attribute on cookies set by Salesforce in Spring '20, applying to Chrome 78 and later. Test in a sandbox with the latest version of Chrome.
Each cloud product has a dedicated knowledge article for SameSite impacts. See the Additional Resources section below for links to each product-specific article.
000381201

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.