CODEWITHSUNDEEP
htmltokenantiforgerytokensamesite
user2990342
user2990342

Reputation: 91

How to set vaue of attribute samesite on the cookie __RequestVerificationToken_Lw__

I have an antirforgery token(@Html.AntiForgeryToken()) on a cshtml page, which generates a cookie RequestVerificationToken_Lw. The attribute values on this cookie are HTTP and Secure. But I need the SameSite also to be set. How do I achieve this?

@Html.AntiForgeryToken()

__RequestVerificationToken_Lw__

Upvotes: 8

Views: 6407

Answers (2)

Célio de Farias do Valle
Célio de Farias do Valle

Reputation: 1

Use before .NET Framework 4.7.2 in Global.asax.cs :

public class MvcApplication : System.Web.HttpApplication {
    protected void Application_PreSendRequestHeaders(object sender, EventArgs e) {
        // This code will mark the __RequestVerificationToken cookie SameSite=Strict 
        if (Request.Cookies.Count > 0) {
            foreach (string s in Request.Cookies.AllKeys) {
                if (s.ToLower().Trim().Contains("__requestverificationtoken")) {
                    HttpCookie c = Request.Cookies[s];
                    c.Path += ";SameSite=Strict";
                    Response.Cookies.Set(c);
                }
            }
        }
    }
}

Upvotes: 0

Maayan Hope
Maayan Hope

Reputation: 1611

Can this help?

in Global.asax.cs

 public class MvcApplication : System.Web.HttpApplication
 {

        protected void Application_PreSendRequestHeaders(object sender,EventArgs e) {
            // This code will mark the __RequestVerificationToken cookie SameSite=Strict 
            if (Request.Cookies.Count>0) {
                foreach (string s in Request.Cookies.AllKeys) {
                    if (s.ToLower() == "__requestverificationtoken") {
                        HttpCookie c = Request.Cookies[s];
                        c.SameSite = System.Web.SameSiteMode.Strict;
                        Response.Cookies.Set(c);
                    }
                }
            }           
        }
 }

Upvotes: 4

Related Questions