Session cookies are being set on Chrome, Firefox and even IE but not on Edge
The browser version is Microsoft Edge 42.17134.1.0
DotNet core version is 2.1
and the following information is used in my startup.cs file
    public void ConfigureServices(IServiceCollection services) {
        services.Configure<CookiePolicyOptions>(options => {
            options.CheckConsentNeeded = context => false;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddJsonOptions(options => {
            options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver();
        }).AddSessionStateTempDataProvider();
        services.AddDistributedMemoryCache();
        services.AddSession(o => {
            o.IdleTimeout = TimeSpan.FromMinutes(80);
            o.Cookie.HttpOnly = true;
            o.Cookie.Name = "my-session-cookie";
        });
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
        if (env.IsDevelopment()) {
            app.UseDeveloperExceptionPage();
        } else {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseSession();
        app.UseSpaStaticFiles();
        app.UseMvc(routes => {
            routes.MapRoute(
                name: "default",
                template: "{controller}/{action=Index}/{id?}");
        });
        app.UseSpa(spa => {
            spa.Options.SourcePath = "ClientApp";
            if (env.IsDevelopment()) {
                spa.UseReactDevelopmentServer(npmScript: "start");
            }
        });
    }
Here are some of the things I've tried out so far:
IsEssential condition to session options
CookiePolicyOptions and UseCookiePolicy
To help protect your privacy, the new Microsoft Edge sets tracking prevention to balanced by default. For increased protection, you can switch your tracking prevention to strict or block all third-party cookies.
SameSite is an IETF draft standard designed to provide some protection against cross-site request forgery (CSRF) attacks. Originally drafted in 2016, the draft standard was updated in 2019.
Using fetch on Edge is causing the set-cookie header to not set a cookie on the browser
The solution was to add credentials: "same-origin" to the fetch options object
DO NOT ADD IT TO THE HEADER
Quotes from HERE
By default, fetch won't send or receive any cookies
That means you have to add the credentials object to it so it can set those cookies
Since Aug 25, 2017. The spec changed the default credentials policy to same-origin.
I guess Edge has not implemented that default yet
Here's an example of a working fetch
    fetch(link, {
        body: JSON.stringify(myDataObject),
        method: "POST",
        credentials: "same-origin",
        headers: {
            "content-type": "application/json"
        }
    });
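An added example, not part of the original answer: a small wrapper that always sets the credentials mode explicitly, rejects the "credentials in headers" mistake, and refuses to attach the session cookie to another origin. The names sessionInit and sessionFetch and the app.example origin are hypothetical.

```javascript
// Added example (not from the original post). sessionInit/sessionFetch are
// hypothetical helper names; "https://app.example" is a constructed origin.

// Build the URL and fetch options for a request that must carry the session cookie.
// `init.headers` is expected to be a plain object.
function sessionInit(url, init, appOrigin) {
  const opts = init || {};
  // Resolve relative paths against the app origin; absolute and
  // protocol-relative ("//host/x") URLs keep their own origin.
  const target = new URL(url, appOrigin);
  if (target.origin !== new URL(appOrigin).origin) {
    throw new Error("refusing session request to other origin: " + target.origin);
  }
  // "credentials" is a fetch option, not an HTTP header. Placing it in
  // headers has no effect on cookie handling, so fail loudly instead.
  const headers = opts.headers || {};
  const misplaced = Object.keys(headers).some(
    (name) => name.toLowerCase() === "credentials"
  );
  if (misplaced) {
    throw new Error('"credentials" belongs in the fetch options, not in headers');
  }
  // Never rely on the browser default: older engines default to "omit",
  // so Set-Cookie from the response is ignored and no cookie is sent.
  return {
    href: target.href,
    options: Object.assign({}, opts, { headers: headers, credentials: "same-origin" }),
  };
}

// Browser-side entry point: POST JSON with the session cookie attached.
function sessionFetch(url, data) {
  const built = sessionInit(
    url,
    {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify(data),
    },
    globalThis.location.origin
  );
  return fetch(built.href, built.options);
}
```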