Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set vaue of attribute samesite on the cookie __RequestVerificationToken_Lw__

I have an antirforgery token(@Html.AntiForgeryToken()) on a cshtml page, which generates a cookie RequestVerificationToken_Lw. The attribute values on this cookie are HTTP and Secure. But I need the SameSite also to be set. How do I achieve this?

@Html.AntiForgeryToken()

__RequestVerificationToken_Lw__
like image 933
user2990342 Avatar asked Jun 17 '19 15:06

user2990342


People also ask

How do you set a cookie with SameSite attribute?

To prepare, Android allows native apps to set cookies directly through the CookieManager API. You must declare first party cookies as SameSite=Lax or SameSite=Strict , as appropriate. You must declare third party cookies as SameSite=None; Secure .

What is __ Requestverificationtoken cookie?

__RequestVerificationToken. www.grpgroup.co.uk. This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery.

How do I fix my SameSite attribute?

SameSite=None requires Secure The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected. To fix this, you will have to add the Secure attribute to your SameSite=None cookies. A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol.

How do I set the SameSite cookie attribute to none?

A New Model for Cookie Security and Transparency Developers must use a new cookie setting, SameSite=None , to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute must be used so cross-site cookies can only be accessed over HTTPS connections.


1 Answers

Can this help?

in Global.asax.cs

 public class MvcApplication : System.Web.HttpApplication
 {

        protected void Application_PreSendRequestHeaders(object sender,EventArgs e) {
            // This code will mark the __RequestVerificationToken cookie SameSite=Strict 
            if (Request.Cookies.Count>0) {
                foreach (string s in Request.Cookies.AllKeys) {
                    if (s.ToLower() == "__requestverificationtoken") {
                        HttpCookie c = Request.Cookies[s];
                        c.SameSite = System.Web.SameSiteMode.Strict;
                        Response.Cookies.Set(c);
                    }
                }
            }           
        }
 }
like image 93
Maayan Hope Avatar answered Oct 12 '22 18:10

Maayan Hope