由于Chrome 79会话“丢失"，重定向后 [英] Since Chrome 79 session "lost" after redirect

问题描述

自Chrome 79发行以来，我似乎无法弄清这个奇怪的事情.

I've this weird thing I can't seem to figure out since the release of Chrome 79.

在您注册的网站上.注册后，您需要付款.付款发生在另一个网站上，Buckaroo是付款提供商.付款后，您将再次通过POST请求重定向到我们的网站.这是有趣的东西开始的地方，一开始您已登录，因此您应该已经登录了一段时间，因为您已经短暂离开了.但是似乎无法识别该会话，因此您将被重定向到登录页面.但是，如果我从更早的步骤中获得相同的重定向URL，它将按预期工作.

On the website you register. After registration you need to pay. Payment happens on another site, Buckaroo is the payment provider. After the payment you will be redirected to our site (via a POST request) again. This is where the funny stuff begins, at first you were signed in so you should still be signed in since you've been away for a short period. But the session doesn't seem to be recognized so you will be redirected to out login page. But if I take the same redirect URL from one step earlier it works as expected.

看起来与从其他域重定向或其他原因有关吗?

So it looks like it has something to do with redirecting from other domains or something?

我已经搜索了代码，而在调试时我发现似乎找不到该会话.这部分代码的最后更改是一年多以前的，自那时以来一直完美.这是我没有向此问题添加代码示例的方式.我搜索了Chrome 79的发行说明，但仍然没有头绪.

I've searched in the code, while debugging I see the session can't seem to been found. The last change in this part of the code is from over a year ago, and worked perfect ever since. This is way I have no code examples added to this question. I've searched through the release notes of Chrome 79 but still no clue.

下一步有什么线索/想法吗?

Any clue/idea where to look next?

-编辑-

我发现sessionID实际上发生了变化.

I found out the sessionID actually changes..

在我的网站上，选择一种付款方式(确认后，您将被重定向):HttpContext.Session.SessionID:"qibxyymxhvev231n01ndlkyx"

On my site, selecting a payment method (after the confirmation you will be redirected): HttpContext.Session.SessionID: "qibxyymxhvev231n01ndlkyx"

从付款提供商处退回:HttpContext.Session.SessionID:"mwkfptaod0hpyuedvaimtqd0"

Returning from the payment provider: HttpContext.Session.SessionID: "mwkfptaod0hpyuedvaimtqd0"

再次刷新该站点:HttpContext.Session.SessionID:"qibxyymxhvev231n01ndlkyx"

Refreshing the site again: HttpContext.Session.SessionID: "qibxyymxhvev231n01ndlkyx"

推荐答案

遇到了同样的问题.事实证明它与Microsoft有关.

Faced the same issue. turn out that it is related to Microsoft.

在WebConfig中添加CookieSameSite ="NONE"可能会解决您的问题.

Adding CookieSameSite="NONE" in WebConfig will probably solve your problem.

我在配置中添加了它，它解决了这个问题.

I added this in my config and it solved the issue.

<system.webServer>
  <rewrite>
  <outboundRules>
    <clear />
    <rule name="Add SameSite" preCondition="No SameSite">
      <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
      <action type="Rewrite" value="{R:0}; SameSite=None" />
      <conditions> </conditions>
    </rule>
    <preConditions>
      <preCondition name="No SameSite">
        <add input="{RESPONSE_Set_Cookie}" pattern="." />
        <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None" negate="true" />
      </preCondition>
    </preConditions>
  </outboundRules>
</rewrite>

这篇关于由于Chrome 79会话“丢失"，重定向后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！