ASP.Net Cannot set cookie with SameSite=None

Question

I'm using MVC5 on IIS with .NET Framework 4.8. I have the latest quality rollup installed(1) which is supposed to resolve some issues with samesite cookies.

I create three cookies as follows:

var now = DateTime.Now.ToLongTimeString();
var expiry = now.AddSeconds(30);

var cookieSameSiteNone = new HttpCookie("My.SameSite.None", $"sameSite None [{now}]")
{
    Secure = true,
    SameSite = SameSiteMode.None,
    Expires = expiry
};

var cookieSameSiteLax = new HttpCookie("My.SameSite.Lax", $"sameSite Lax [{now}]")
{
    Secure = true,
    SameSite = SameSiteMode.Lax,
    Expires = expiry
};

var cookieSameSiteStrict = new HttpCookie("My.SameSite.Strict", $"sameSite Strict [{now}]")
{
    Secure = true,
    SameSite = SameSiteMode.Strict,
    Expires = expiry
};

Response.Cookies.Add(cookieSameSiteStrict);
Response.Cookies.Add(cookieSameSiteLax);
Response.Cookies.Add(cookieSameSiteNone);

These cookies are set in the Application_EndRequest of the Global.asax. The application also uses OWIN for authentication.

Using FireFox (v72.0.2) I get the following cookies:

Note the cookie where SameSite was set to None has been received as "Unset"

• Any idea how to set a cookie with SameSite=None?

I have seen other SO questions that suggest applyin patches to the .NET Framework(2), but I already have these installed

(1) https://support.microsoft.com/en-gb/help/4534132/kb4534132-cumulative-update-for-net-framework

(2) How to set SameSite cookie attribute to explicit None ASP NET Core

Answer 1

This may be an issue with FireFox's display of Cookies. Chrome does not appear to suffer with the same problem. I've logged a bug with Mozilla(1).

(1) https://bugzilla.mozilla.org/show_bug.cgi?id=1613622