Menu
I been trying to add sameSite = None attribute to my project cookies as a part of Chrome standards. I am using .net framework 4.8 and it supports sameSite for cookie (https://docs.microsoft.com/en-us/aspnet/samesite/system-web-samesite#using-samesite-in-aspnet-472-and-48), but i am not able to do it from web.config Please help if anyone has faced similar problem and resolved that.
950
Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
You can add SameSite cookie attributes in the set-cookie HTTP response header to restricts browser behavior. It may prevent the browser from sending the cookie's key=value pair based on the type of interaction that triggered the HTTP request.
A New Model for Cookie Security and Transparency Developers must use a new cookie setting, SameSite=None , to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute must be used so cross-site cookies can only be accessed over HTTPS connections.
This is only a warning because the attribute isn't included in Visual Studio yet. It shouldn't stop you compiling and will work in production because the latest browsers support it.
As Microsoft includes this in their official documentation I would use it as recommended and ignore the warning until an update is released with the same site parameter included.
<configuration>
<system.web>
<httpCookies sameSite="[Strict|Lax|None|Unspecified]" requireSSL="[true|false]" />
<system.web>
<configuration>
As of Visual Studio Community 2022 Version 17.0.6 this is still not included.
(It might be safe to assume this will never get added to Visual Studio.)
137
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
