In my web application I am iframing a different web application. The domain of both the webapplications are different.
I have following configuration for SessionState in web.config of the iframed web application.
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None"/>
<httpRuntime requestValidationMode="4.7.2" maxQueryStringLength="512" maxUrlLength="512" enableVersionHeader="false" />
<sessionState mode="Custom" cookieless="UseCookies" regenerateExpiredSessionId="true" timeout="245" cookieName="MYCOOKIE" cookieSameSite="None" customProvider="MyCustomSessionProvider">
<providers>
<!-- Custom provider details -->
</providers>
</sessionState>
<compilation batch="false" debug="false" />
<customErrors defaultRedirect="ErrorMessage.aspx" mode="On" />
</system.web>
When I load the page the “MYCOOKIE” of the iframed page is not having SameSite set to none. Because of that MYCOOKIE is not send in subsequent HTTP request.
I am using chrome (Version 86.0.4240.111 (Official Build) (64-bit)) and have enabled third party cookies.
IIS version 10.0
Installed .NET framework version in IIS is 4.8.03761
Is there something I am missing?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I had faced the same issue earlier, after upgrading framework to 4.7.2 it wasn’t working.
FIX:
— All the installations of Windows has to be up-to-date as SameSite=”None” comes with one particular Windows update.
Have a look: https://support.microsoft.com/en-us/help/4533011/kb4533011
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0