How to set SameSite cookie attribute to explicit None ASP NET Core

Same issue occurs in ASP.NET as in ASP.NET Core.

Until Microsoft produce a fix, a hack that's working for me is to replace

myCookie.Path = "/";
myCookie.SameSite = SameSiteMode.None;     // has no effect

with

myCookie.Path = "/; SameSite=None";

This adds SameSite=None to the set-cookie header in the HTTP response.


It's now fixed in latest release of all versions of .NET Framework and .NET Core (https://github.com/aspnet/AspNetCore/issues/12125)

I have multiple projects running on .NET Core 2.2 and after upgrading to 2.2.207, I don't have the problem anymore.

Here a sample code present in ConfigureServices method of Startup.cs file

services.ConfigureApplicationCookie(options => {
     options.Cookie.SameSite = SameSiteMode.None;
});

Tags:

C#

Asp.Net

Asp.Net Core

Recent Posts