本文介绍了ASP.NET_SessionId cookie值始终在SameSite中不严格的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个ASP.NET Web应用程序,该应用程序需要在另一个站点的iframe中打开,即它应支持跨站点cookie.我想设置 SameSite = None;在网络应用程序中安全.我放

I have an ASP.NET Web Application and the application need to open in an iframe in another site i.e. it should support cross-site cookies. I want to set SameSite=None; Secure in the web application. I put

<httpCookies sameSite="None" requireSSL="true" /> 

Web.config中的

,但cookie ASP.NET_SessionId 中的 SameSite 值始终为 Lax .我是否在web.config中进行了正确的配置?

in the Web.config but the SameSite value in the cookie ASP.NET_SessionId is always Lax. Am I doing the right configuration in web.config?

推荐答案

Web.config中的< httpCookies sameSite ="..."> 属性不会影响ASP.NET_SessionId曲奇饼.改为设置< sessionState cookieSameSite ="..."> 属性:

The <httpCookies sameSite="..."> attribute in Web.config doesn't affect the ASP.NET_SessionId cookie. Set the <sessionState cookieSameSite="..."> attribute instead:

<system.web>
    <sessionState cookieSameSite="None" />
</system.web>

这篇关于ASP.NET_SessionId cookie值始终在SameSite中不严格的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-20 11:31