ASP.NET_SessionId cookie值始终在SameSite中不严格 [英] ASP.NET_SessionId cookie value is alway Lax in the SameSite

问题描述

我有一个ASP.NET Web应用程序，该应用程序需要在另一个站点的iframe中打开，即它应支持跨站点cookie.我想设置 SameSite = None;在网络应用程序中安全.我放

I have an ASP.NET Web Application and the application need to open in an iframe in another site i.e. it should support cross-site cookies. I want to set SameSite=None; Secure in the web application. I put

<httpCookies sameSite="None" requireSSL="true" /> 

Web.config中的

，但cookie ASP.NET_SessionId 中的 SameSite 值始终为 Lax .我是否在web.config中进行了正确的配置?

in the Web.config but the SameSite value in the cookie ASP.NET_SessionId is always Lax. Am I doing the right configuration in web.config?

推荐答案

Web.config中的< httpCookies sameSite ="..."> 属性不会影响ASP.NET_SessionId曲奇饼.改为设置< sessionState cookieSameSite ="..."> 属性:

The <httpCookies sameSite="..."> attribute in Web.config doesn't affect the ASP.NET_SessionId cookie. Set the <sessionState cookieSameSite="..."> attribute instead:

<system.web>
    <sessionState cookieSameSite="None" />
</system.web>

这篇关于ASP.NET_SessionId cookie值始终在SameSite中不严格的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！