问题
After updating the chrome to 80 (Version 80.0.3987.149 (64-bit)) recently and clearing cookies of the browser we are seeing below issue in our ASP.Net MVC application.
Session/Cookies are resetting to blank when redirecting to other page. Application is embedded in a iFrame.
I have tried setting Same site to "None" in web.config in below ways but none of them worked -
<sessionState cookieSameSite="None" timeout="60" />
<httpCookies sameSite="None" />
Also installed URL rewrite to override set cookie on IIS -
<rewrite>
<outboundRules>
<rule name="AddSameSiteCookieFlag">
<match serverVariable="RESPONSE_Set-Cookie" pattern="^(.*)(CFID|CFTOKEN|JSESSIONID|ASP.NET_SessionId)(=.*)$" />
<action type="Rewrite" value="{R:0};SameSite=None" />
</rule>
</outboundRules>
</rewrite>
Any help please...
Thanks in advance.
回答1:
I had a similar issue and after doing a lot of research. It is solved by adding a requireSSL attribute in <sessionState>
<httpCookies sameSite="None" requireSSL="true" />
来源:https://stackoverflow.com/questions/60925345/session-cookies-are-resetting-to-blank-in-asp-net-mvc-application-in-an-iframe