I have an antiforgery token (@Html.AntiForgeryToken()) on a cshtml page, which generates a cookie RequestVerificationToken_Lw. The attribute values on this cookie are HTTP and Secure. But I need the SameSite also to be set. How do I achieve this?
@Html.AntiForgeryToken()
__RequestVerificationToken_Lw__
To prepare, Android allows native apps to set cookies directly through the CookieManager API. You must declare first party cookies as SameSite=Lax or SameSite=Strict, as appropriate. You must declare third party cookies as SameSite=None; Secure.
__RequestVerificationToken. www.grpgroup.co.uk. This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery.
SameSite=None requires Secure
The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected. To fix this, you will have to add the Secure attribute to your SameSite=None cookies. A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol.
A New Model for Cookie Security and Transparency
Developers must use a new cookie setting, SameSite=None, to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute must be used so cross-site cookies can only be accessed over HTTPS connections.
Can this help?
in Global.asax.cs
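    using System;
    using System.Web;

    public class MvcApplication : System.Web.HttpApplication
    {
        protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
        {
            // This code will mark the __RequestVerificationToken cookie SameSite=Strict.
            // It walks the outgoing Response cookies: attributes such as SameSite exist
            // only on Set-Cookie, so cookies read from Request never carry them.
            // The cookie name in the question has a suffix (__RequestVerificationToken_Lw__),
            // so match on the prefix. HttpCookie.SameSite needs .NET Framework 4.7.2 or later.
            foreach (string s in Response.Cookies.AllKeys)
            {
                if (s != null && s.StartsWith("__RequestVerificationToken", StringComparison.OrdinalIgnoreCase))
                {
                    Response.Cookies[s].SameSite = System.Web.SameSiteMode.Strict;
                }
            }
        }
    }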
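A way to check the result, added here as an example and not part of the original answer: it parses raw Set-Cookie header values and flags an anti-forgery cookie that lacks SameSite, plus any SameSite=None cookie that lacks Secure. The class name SetCookieAudit and the sample headers are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class SetCookieAudit
{
    // Returns findings for one raw Set-Cookie header value.
    public static List<string> Check(string header)
    {
        var parts = header.Split(';').Select(p => p.Trim()).ToArray();
        string name = parts[0].Split('=')[0];
        // Attribute names are case-insensitive; flags such as Secure map to "".
        var attrs = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var p in parts.Skip(1))
        {
            if (p.Length == 0) continue;
            var kv = p.Split(new[] { '=' }, 2);
            attrs[kv[0].Trim()] = kv.Length > 1 ? kv[1].Trim() : "";
        }

        var findings = new List<string>();
        string sameSite;
        bool hasSameSite = attrs.TryGetValue("SameSite", out sameSite);
        bool secure = attrs.ContainsKey("Secure");

        if (hasSameSite && sameSite.Equals("None", StringComparison.OrdinalIgnoreCase) && !secure)
            findings.Add(name + ": SameSite=None without Secure (cookie will be rejected)");
        if (name.StartsWith("__RequestVerificationToken", StringComparison.OrdinalIgnoreCase) && !hasSameSite)
            findings.Add(name + ": anti-forgery cookie has no SameSite attribute");
        return findings;
    }

    public static void Main()
    {
        // Constructed sample headers; the cookie values are placeholders.
        var samples = new[]
        {
            "__RequestVerificationToken_Lw__=abc123; path=/; secure; HttpOnly",
            "__RequestVerificationToken_Lw__=abc123; path=/; secure; HttpOnly; SameSite=Strict",
            "widget=1; path=/; SameSite=None",
        };
        foreach (var h in samples)
            foreach (var f in Check(h))
                Console.WriteLine(f);
    }
}
```

Feed it the Set-Cookie values captured from the page that renders @Html.AntiForgeryToken(), before and after the Global.asax.cs change.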