Commit fbdc3e4

Merge pull request #95710 from jaszperez/patch-68
Update same site documentation
2 parents 755732f + f9007b1 commit fbdc3e4

1 file changed

+2
-2
lines changed

articles/active-directory/manage-apps/application-proxy-configure-cookie-settings.md

Lines changed: 2 additions & 2 deletions
@@ -29,9 +29,9 @@ Azure Active Directory (Azure AD) has access and session cookies for accessing o
2929
| Use Persistent Cookie | **No** | **Yes** allows Application Proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies. | Use **No** because of the security risk associated with keeping users authenticated.<br></br><br></br>We suggest only using **Yes** for older applications that can't share cookies between processes. It's better to update your application to handle sharing cookies between processes instead of using persistent cookies. For example, you might need persistent cookies to allow a user to open Office documents in explorer view from a SharePoint site. Without persistent cookies, this operation might fail if the access cookies aren't shared between the browser, the explorer process, and the Office process. |
3030

3131
## SameSite Cookies
32-
Starting in version [Chrome 80](https://support.google.com/chrome/a/answer/7679408?hl=en) and eventually in browsers leveraging [Chromium](https://blog.chromium.org/2019/10/developers-get-ready-for-new.html), cookies that do not specify the [SameSite](https://web.dev/samesite-cookies-explained) attribute will be treated as if they were set to **SameSite=Lax**. The SameSite attribute declares how cookies should be restricted to a same-site context. When set to Lax, the cookie is only to sent to same-site requests or top-level navigation. However, Application Proxy requires these cookies to be preserved in the third-party context in order to keep users properly signed in during their session. Due to this, we are making updates to the Application Proxy access and session cookies to avoid adverse impact from this change. The updates include:
32+
Starting in version Chrome 80 and eventually in browsers leveraging Chromium, cookies that do not specify the [SameSite](https://web.dev/samesite-cookies-explained) attribute will be treated as if they were set to **SameSite=Lax**. The SameSite attribute declares how cookies should be restricted to a same-site context. When set to Lax, the cookie is only to sent to same-site requests or top-level navigation. However, Application Proxy requires these cookies to be preserved in the third-party context in order to keep users properly signed in during their session. Due to this, we are making updates to the Application Proxy access and session cookies to avoid adverse impact from this change. The updates include:
3333

34-
* Setting the **SameSite** attribute to **None**- This allows Application Proxy access and sessions cookies to be properly sent in the third-party context.
34+
* Setting the **SameSite** attribute to **None**. This allows Application Proxy access and sessions cookies to be properly sent in the third-party context.
3535
* Setting the **Use Secure Cookie** setting to use **Yes** as the default. Chrome also requires the cookies to specify the Secure flag or it will be rejected. This change will apply to all existing applications published through Application Proxy. Note that Application Proxy access cookies have always been set to Secure and only transmitted over HTTPS. This change will only apply to the session cookies.
3636

3737
These changes to Application Proxy cookies will roll out over the course of the next several weeks before the Chrome 80 release date.
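
Review bot: The rewritten line 32 still carries the typo "the cookie is only to sent to same-site requests"; since this line is being touched anyway, change it to "the cookie is only sent to same-site requests". The same applies to the rewritten line 34, where "access and sessions cookies" should read "access and session cookies" to match the "session cookies" wording used on line 35. Separately, line 32 drops the links for Chrome 80 and Chromium while keeping the SameSite link, and the commit message ("Update same site documentation") does not say why. If the links were removed on purpose, say so in the description; otherwise readers lose the reference for the Chrome 80 release date that line 37 relies on.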
