3

I have an asp.net MVC application and I want to set all the cookies sameSite=None for the application. I have set the below lines in the web.config but the application sets the cookies without SameSite=None. I have added the below two configurations in the web.config. See the below screenshot having both .AspNet.ApplicationCookie and __RequestVerificationToken cookies placed without sameSite=None. Please help.

<system.web>
        <httpCookies requireSSL="true"/>
        <sessionState cookieSameSite="None"/>
</system.web>

enter image description here

Improve this question
0

1 Answer 1

Reset to default
4

i did it from the code and it worked
in global.asax.cs:

 public class MvcApplication : HttpApplication
                {
                
                   protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
                   {
        .....
                        if (Request.Cookies.Count > 0)
                        {                        
                            foreach (string s in Request.Cookies.AllKeys)
                            {
                                HttpCookie c = Request.Cookies[s];
                                c.SameSite = System.Web.SameSiteMode.None;
                                Response.Cookies.Set(c);
                            }
                       }
        ....
                    }
                }

if you want for specific cookie

 if (Request.Cookies.Count > 0)
            {
                foreach (string s in Request.Cookies.AllKeys)
                {
                    if (s.ToLower() == "__requestverificationtoken")
                    {
                        HttpCookie c = Request.Cookies[s];
                        c.SameSite = System.Web.SameSiteMode.Strict;
                        Response.Cookies.Set(c);
                    }
                }
            }
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

massive THANK YOU!! I have been battling with this issue for such a long time. All the Microsoft solutions I have tried just do not work. This is simple, makes sense, and most importantly, it works. I am using MVC .NET 4.7.2 and your solution has save me. Again, THANK YOU!!!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.