
How to set SameSite value to None in .net 4.5.2?

When redirected back to my site from the third-party site, the user session becomes empty. I have checked Response.Cookies["ASP.NET_SessionId"]; it gets a new value after the redirect. By default, ASP.NET_SessionId is set as Lax. Is there any possible way to change the SameSite value in Session_Start of .NET Framework 4.5.2, or anywhere else?

Vaibhav Deshmukh asked Jun 25 '20 13:06


People also ask

Should I set SameSite to “none”?

If you’re on .Net 4.7 or higher, Microsoft supports setting SameSite to None. The official recommendation is that if you want to use SameSite None, then you need to move up to .Net 4.7.2, which if you are able, you should absolutely do.

Does the SameSite attribute exist in NET Framework?

.NET Framework 4.7 has built-in support for the SameSite attribute, but it adheres to the original standard. The patched behavior changed the meaning of SameSite.None to emit the attribute with a value of None, rather than not emit the value at all.

What does a value of (SameSiteMode)(-1) mean?

A value of None means "Emit the attribute with a value of None". A SameSite value of (SameSiteMode)(-1) causes the attribute not to be emitted. The default SameSite value for forms authentication and session state cookies was changed from None to Lax.

How to revert the updated SameSite behavior in NET Framework apps?

You can revert the updated sameSite behavior in .NET Framework apps to its previous behavior where the sameSite attribute is not emitted for a value of None, and revert the authentication and session cookies to not emit the value.


1 Answer

A couple of options to work around this constraint with older versions of the .NET Framework:

// System.Web exposes Response.Headers as a NameValueCollection, which has Add (there is no Append).
HttpContext.Current.Response.Headers.Add("Set-Cookie", $"{key}={value}; path=/; SameSite=Strict; Secure");

This is one option for setting the headers manually with the SameSite defined. Above, key is the cookie name and value is the cookie value.

Alternatively:

myCookie.Path = "/; SameSite=Strict; Secure";

I've tested these options; both appear to work.

Values listed above are for example only; you will need to supply the appropriate values [Lax|Strict|None|etc]. The Secure flag indicates that it's transmitted over HTTPS only. YMMV.

webbexpert answered Oct 20 '22 06:10
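
Added example, not code from the question or the answer: the Path workaround from the answer applied to the session cookie the question asks about, in Global.asax.cs on .NET Framework 4.5.2. It assumes the default cookie name ASP.NET_SessionId, default response buffering, and TLS terminated on the web server itself, so that Request.IsSecureConnection is accurate.

```csharp
// Global.asax.cs: added example, not code from the question or the answer.
using System;
using System.Linq;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: default session cookie name; change it if
    // <sessionState cookieName="..."> is set in web.config.
    private const string SessionCookieName = "ASP.NET_SessionId";
    private const string SameSiteSuffix = "; SameSite=None";

    // EndRequest runs after session state has added its cookie and,
    // with default response buffering, before the headers are sent.
    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // Current browsers reject SameSite=None without Secure, so leave
        // the cookie untouched on plain HTTP requests.
        if (!Request.IsSecureConnection)
            return;

        // Test AllKeys first: the Response.Cookies[name] indexer creates an
        // empty cookie when the name is absent, which would overwrite the
        // session id the browser already holds.
        if (!Response.Cookies.AllKeys.Contains(SessionCookieName))
            return;

        HttpCookie cookie = Response.Cookies[SessionCookieName];
        cookie.Secure = true;    // emitted once by the framework, not via Path
        cookie.HttpOnly = true;  // keep the session id away from page scripts

        // .NET 4.5.2 has no HttpCookie.SameSite property, so the attribute
        // rides on the end of Path, as in the answer above.
        string path = string.IsNullOrEmpty(cookie.Path) ? "/" : cookie.Path;
        if (path.IndexOf("SameSite", StringComparison.OrdinalIgnoreCase) < 0)
            cookie.Path = path + SameSiteSuffix;
    }
}
```

With SameSite=None the session cookie is sent on every cross-site request, so state-changing endpoints need their own CSRF protection such as anti-forgery tokens.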