Reputation: 21
Google Chrome Version 84.0.4147.125 Session is getting null after redirecting from Payment Gateway .Net MVC 5
Web application session is getting null after redirecting from Payment Gateway site. This issue happens only in Google Chrome browser. In Mozila, IE its working fine.
We are using .net MVC.
Upvotes: 1
Views: 1322
Answers (1)
Reputation: 507
This new concept has come to save your application by attacker. So, here is the option to allow/restrict cookie for sameSite.
This problem got Chrome 80 or later in 2020 and it introduces new cookie values and cookie policies. Three values can be passed into the updated SameSite attribute: Strict, Lax, or None. If you don't specify SameSite attribute in <httpCookies> then it will default to SameSite=Lax.
Now, Lax is good for same site. If you are using cross site or iframe(it is also consider as cross site) then you need to use none. And if you want to restrict your cookie then you need to use Strict.
Example:
- For
httporhttps, You need to do following steps--
<httpCookies domain="xyz.com" requireSSL="true" sameSite="None" />
You can use some attribute for <SessionState>
<sessionState allowCustomSqlDatabase="true" cookieSameSite="None" sqlConnectionString="Data Source=serverName; Initial Catalog=databaseName;
User ID=userid;Password=pass;" timeout="55"/>
For local access, You need to do following steps--
- Launch this URL on chrome chrome://flags/#same-site-by-default-cookies
- You will see "SameSite by default cookies" by default it is marked as
Default, change the state asDisabled - Click on Relaunch button into the browser.
- Make
requireSSL="false"(on local system)
One special case for Iframe. If you are using Iframe to load different application in your application. Then your session will be null in private(incognito) window in chrome.
I have one solution for this special case. You need to use cookieless="true" in ```. Only if when you are not using cookies in your application.
For your reference:
https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite
https://learn.microsoft.com/en-us/microsoftteams/platform/resources/samesite-cookie-update https://learn.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications
Upvotes: 1
Related Questions
- Losing user cookies and session data after being redirected from payment gateway
- Losing session data after redirecting from a 3rd party API (payment gateway)
- Since Chrome 79 session "lost" after redirect
- Chrome won't redirect back to URL after Authentication handling
- MVC Redirect error in Chrome
- ASP.NET MVC Session.IsNewSession issue with Google Chrome
- asp.net MVC cookie is null while page is redirecting
- FormAuthentication persistant false but chrome remains logged in
- Session issue with chrome in MVC3
- Chrome and IE not sending ASP.NET_SessionID - i.e. session variable gets lost?