What’s the impact for the B2B Commerce managed package?

As long as the implementation uses a secure (HTTPS) connection and secure domain name URL for each storefront, the SameSite changes don’t affect the default use of cookies in the B2B Commerce managed package.

Is there any action I should take?

Verify that your storefront settings are secure by completing the following steps.

1. Verify that traffic to your community uses a secure connection.

a. In the community’s Site Detail section, confirm that the following options are selected:

i. Require Secure Connections (HTTPS)
ii. Upgrade all requests to HTTPS

NOTE: These options are enabled by default in a new community. If these options aren’t enabled, click Edit, enable them, and then save your changes.

2. Verify that your storefront uses a secure domain name URL.

a. Go to CC Admin | Your storefront | General Settings.
b. For Site Secure Domain, confirm the domain name URL contains https://.

NOTE:

If your Site Secure Domain does not contain https://, click Edit, update your URL with https://, and then save your changes.
In B2B Commerce Spring ’19 (version 4.10), the Site Unsecure Domain field is also available, but is no longer used in the managed package. In B2B Commerce Summer ’19 (version 4.11), this field is removed.

What’s the impact for the B2B Commerce market templates?

The SameSite changes affect the use of the cookies in any version of the CyberSource for B2B Commerce market template. Previously, we recommended that you use non-embedded endpoint URLs for the Endpoint: Token Create and Endpoint:Transaction configuration setting values. Non-embedded endpoints rely on the cookies to maintain a session when attempting to authenticate a 3DS card within an <iframe>.

If you’re using non-embedded endpoints, CyberSource recommends that you update each configuration setting to use the embedded endpoint URL instead. Embedded endpoints do not rely on the cookies, and are designed for use specifically in an <iframe>. If you continue to use non-embedded endpoints after the SameSite cookie changes go into effect, expect session timeouts and transaction process failures.

Is there any action I should take?

If necessary, update your endpoint settings by completing the following steps. Complete these changes any time before February 17, 2020.

1. On the CC Admin tab, select the affected storefront.
2. Select Configuration Settings.
3. Filter for the CyberSource module.
4. For Endpoint: Token Create and Endpoint: Transaction, update the non-embedded endpoint URL to the embedded endpoint URL for your test environments and your production environments. The table below lists the correct URLs and format.

Configuration Setting	Environment	Non-embedded Endpoint URL	Embedded Endpoint URL
Endpoint: Token Create	Test	https://testsecureacceptance.cybersource.com/silent/token/create	https://testsecureacceptance.cybersource.com/silent/embedded/token/create
Endpoint: Token Create	Production	https://secureacceptance.cybersource.com/silent/token/create	https://secureacceptance.cybersource.com/silent/embedded/token/create
Endpoint: Transaction	Test	https://testsecureacceptance.cybersource.com/silent/pay	https://testsecureacceptance.cybersource.com/silent/embedded/pay
Endpoint: Transaction	Production	https://secureacceptance.cybersource.com/silent/pay	https://secureacceptance.cybersource.com/silent/embedded/pay

5. Click the checkmark to save the values.
6. Navigate to Configuration Cache Management in the Global Settings.
7. Build and Activate the index to deploy the changes.

SameSite Cookie Considerations for B2B Commerce for Visualforce

What’s the impact for the B2B Commerce managed package?

What’s the impact for the B2B Commerce market templates?

Is there any action I should take?

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List