Simant

Reputation: 4360

How to set sameSite=None in Asp.Net MVC generated cookies?

I have an asp.net MVC application and I want to set all the cookies sameSite=None for the application. I have set the below lines in the web.config but the application sets the cookies without SameSite=None. I have added the below two configurations in the web.config. See the below screenshot having both .AspNet.ApplicationCookie and __RequestVerificationToken cookies placed without sameSite=None. Please help.

<system.web>
        <httpCookies requireSSL="true"/>
        <sessionState cookieSameSite="None"/>
</system.web>


Upvotes: 3

Views: 1401

Answers (1)

Eassa Nassar

Reputation: 1230

I did it from the code and it worked.
In Global.asax.cs:

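    using System;
    using System.Web;

    public class MvcApplication : HttpApplication
    {
        protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
        {
            // ... (other code elided in the original answer)
            if (Request.Cookies.Count > 0)
            {
                foreach (string s in Request.Cookies.AllKeys)
                {
                    // Re-issue each cookie from the request with SameSite=None.
                    // The browser sends back only name and value, so other attributes
                    // (Secure, HttpOnly, Expires) are not carried over from the original cookie.
                    HttpCookie c = Request.Cookies[s];
                    c.SameSite = System.Web.SameSiteMode.None;
                    Response.Cookies.Set(c);
                }
            }
            // ...
        }
    }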

If you want it for a specific cookie:

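    // Goes inside Application_PreSendRequestHeaders, in place of the loop above.
    if (Request.Cookies.Count > 0)
    {
        foreach (string s in Request.Cookies.AllKeys)
        {
            // Case-insensitive match on the anti-forgery cookie name.
            if (string.Equals(s, "__RequestVerificationToken", StringComparison.OrdinalIgnoreCase))
            {
                HttpCookie c = Request.Cookies[s];
                c.SameSite = System.Web.SameSiteMode.Strict;
                Response.Cookies.Set(c);
            }
        }
    }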

Upvotes: 4
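An added example, not part of the answer above: a variant that adjusts only the cookies the application is setting on the current response (`Response.Cookies`), so their existing attributes are kept, and that pairs `SameSite=None` with `Secure`. It assumes .NET Framework 4.7.2 or later (where `HttpCookie.SameSite` exists) and that the cookies are written through System.Web's `Response.Cookies`; a cookie written straight to the `Set-Cookie` header by other middleware will not appear in that collection. The `CrossSiteCookies` allow-list is a hypothetical name, filled with the two cookie names from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Hypothetical allow-list; the names are the two cookies from the question.
    private static readonly HashSet<string> CrossSiteCookies =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            ".AspNet.ApplicationCookie",
            "__RequestVerificationToken"
        };

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // Current browsers reject SameSite=None cookies that lack Secure,
        // so leave cookies untouched on plain-HTTP requests.
        if (!Request.IsSecureConnection)
        {
            return;
        }

        // Walk only the cookies being set on this response. AllKeys is a
        // snapshot array, so changing cookie properties in the loop is safe.
        foreach (string name in Response.Cookies.AllKeys)
        {
            if (name == null || !CrossSiteCookies.Contains(name))
            {
                continue;
            }

            HttpCookie cookie = Response.Cookies[name];
            cookie.SameSite = SameSiteMode.None;
            cookie.Secure = true; // required alongside SameSite=None
        }
    }
}
```

The result can be confirmed by inspecting the `Set-Cookie` response headers in the browser's developer tools: each listed cookie should carry both `SameSite=None` and `Secure`.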
