Iframe occasionally loses session cookies


Problem description

Occasionally on submitting a payment form in an iframe, the postback from the payment gateway results in the user being logged out as the request is missing the ASP.NET_SessionId cookie (we are using state-server). It's not the app pool recycling causing the issue as I have checked those logs. It also only happens in the production environment. I can see the session cookie exists just before the form is submitted so I can't figure out where it is losing it.

Recommended answer

You need to check if you are not affected by the KB4524420 which has recently been rolled out:

ASP.NET will now emit a SameSite cookie header when HttpCookie.SameSite value is "None" to accommodate upcoming changes to SameSite cookie handling in Chrome. As part of this change, FormsAuth and SessionState cookies will also be issued with SameSite = 'Lax' instead of the previous default of 'None', though these values can be overridden in web.config.

You have to set cookieSameSite="None" in the session state tag to avoid this issue.

<sessionState cookieSameSite="None"  cookieless="false" timeout="360"> 
</sessionState>

However, this will break Safari in certain cases (iOS prior to v13 and Safari in macOS), so you might want to consider adding two cookies, one with SameSite=None and one without specifying any value for SameSite. This is due to a bug in Safari which makes SameSite=None become SameSite=Strict.
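
An added example, not part of the original answer: instead of issuing two cookies, this Global.asax.cs sketch keeps cookieSameSite="None" in web.config and omits the SameSite attribute only for clients that mishandle it. The class name, the helper MishandlesSameSiteNone and the User-Agent substrings are assumptions (affected builds are taken to be iOS 12 and Safari on macOS 10.14), and it relies on a patched .NET Framework where a SameSite value of -1 means "do not emit the attribute".

```csharp
using System;
using System.Web;

// Added example: Global.asax.cs code-behind; the class name is an assumption.
public class Global : HttpApplication
{
    // Heuristic User-Agent test for clients that treat SameSite=None as Strict.
    // The substrings are assumptions about how iOS 12 and Safari on
    // macOS 10.14 identify themselves; check them against your own traffic.
    internal static bool MishandlesSameSiteNone(string userAgent)
    {
        if (string.IsNullOrEmpty(userAgent)) return false;

        // Every browser on iOS 12 uses the affected WebKit networking stack.
        if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
            return true;

        // Safari on macOS 10.14. Chrome lacks "Version/", Firefox lacks "Safari".
        return userAgent.Contains("Macintosh; Intel Mac OS X 10_14")
            && userAgent.Contains("Version/")
            && userAgent.Contains("Safari");
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (!MishandlesSameSiteNone(Request.UserAgent)) return;

        // Runs just before the headers are written, so it also sees the
        // ASP.NET_SessionId cookie that session state adds to the response.
        Response.AddOnSendingHeaders(ctx =>
        {
            HttpCookieCollection cookies = ctx.Response.Cookies;
            for (int i = 0; i < cookies.Count; i++)
            {
                if (cookies[i].SameSite == SameSiteMode.None)
                {
                    // -1 = leave the SameSite attribute off this cookie entirely.
                    cookies[i].SameSite = (SameSiteMode)(-1);
                }
            }
        });
    }
}
```

Chrome only accepts SameSite=None cookies that are also marked Secure, so the session cookie has to be issued over HTTPS with the Secure flag set. SameSite=None also removes the cross-site protection that Lax gives the session cookie, so anti-forgery tokens on state-changing requests remain necessary.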
