Should I set Cookie.SameSite attribute to None in cookie configuration in ASP.NET Core


In Program.cs I have configured the cookie like so:

    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })

I have noticed that cookies without SameSite are treated as Lax by default.

Should I set SameSite=None if my MVC app uses Entra ID as an identity provider?
From what I can see, Entra does a cross-site callback to the application during authentication.

My understanding is that I should do something like this instead:

    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.None;
    })

Documentation links would be appreciated.
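
A simplified model of how a browser applies SameSite to the requests around the cross-site callback mentioned above, given as an added example that is not part of the original post and is not ASP.NET Core code. It assumes the sign-in response reaches the app as a cross-site, top-level POST; the cookie names `signin-state` and `app-session` and the request labels are constructed, and browser-specific exceptions are ignored.

```javascript
// Decide whether a browser attaches a cookie to a request (simplified model).
function isSent(cookie, req) {
  if (!req.crossSite) return true;            // same-site requests carry every cookie
  switch (cookie.sameSite) {
    case "None":                              // None is only honoured together with Secure
      return cookie.secure;
    case "Lax":                               // cross-site: top-level safe-method navigation only
      return req.topLevel && ["GET", "HEAD"].includes(req.method);
    default:                                  // "Strict" or anything unrecognised
      return false;
  }
}

// Constructed requests an app receives around an external sign-in.
const requests = {
  idpCallback: { crossSite: true,  topLevel: true, method: "POST" }, // identity provider posts the sign-in response
  inboundLink: { crossSite: true,  topLevel: true, method: "GET"  }, // user follows a link from another site
  foreignPost: { crossSite: true,  topLevel: true, method: "POST" }, // form on an unrelated site posts to the app
  inApp:       { crossSite: false, topLevel: true, method: "POST" }, // ordinary in-app form submit
};

// Short-lived state written before the redirect to the identity provider
// must come back with the callback, or the sign-in cannot be validated.
function stateCookieReachesCallback(stateSameSite) {
  const state = { name: "signin-state", sameSite: stateSameSite, secure: true };
  return isSent(state, requests.idpCallback);
}

// The application's auth cookie (the one AddCookie configures) is issued in the
// response to the callback, so it never has to travel on the callback itself.
// What matters is which later requests carry it.
function sessionCookieExposure(sessionSameSite) {
  const session = { name: "app-session", sameSite: sessionSameSite, secure: true };
  const out = {};
  for (const [label, req] of Object.entries(requests)) {
    out[label] = isSent(session, req);
  }
  return out;
}

console.log("state cookie on callback:", {
  None: stateCookieReachesCallback("None"),
  Lax: stateCookieReachesCallback("Lax"),
});
console.log("session cookie, Lax: ", sessionCookieExposure("Lax"));
console.log("session cookie, None:", sessionCookieExposure("None"));
```

In this model the only cookie that needs `SameSite=None` is the state that must accompany the callback; moving the session cookie from Lax to None changes one thing, which is that cross-site POSTs from unrelated sites start carrying it.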
