When they first did this in March, it caused a number of issues including breaking website integrations with some payment gateways.
If you're on .Net 4.7 or higher, Microsoft supports setting SameSite to None. The official recommendation is that if you want to use SameSite None, you need to move up to .Net 4.7.2, which, if you are able, you should absolutely do.
However, some of us are stuck on .Net versions lower than 4.7 with nothing we can do about it, and our employers want to know that their sites aren't going to start breaking come the 14th of July.
While trying to find a solution to this problem, I stumbled upon what appears to be a possible solution for those of us stuck on lower .Net versions.

    var cookie = new HttpCookie("myreallyimportantcookie")
    {
        Value = "myreallyimportantcookievalue",
        Secure = true,
        Path = "/",
        HttpOnly = true
    };

As you'll see from the below image, we have a cookie with the Secure attribute and HttpOnly, but no SameSite attribute.
Adding SameSite
In .Net 4.7.2, if we want to support SameSite, we simply add the SameSite attribute.

    var cookie = new HttpCookie("myreallyimportantcookie")
    {
        Value = "myreallyimportantcookievalue",
        Secure = true,
        Path = "/",
        HttpOnly = true,
        SameSite = SameSiteMode.None
    };

Of course, we can't do this in .Net 4.5 as the SameSite property doesn't exist. Instead, we can do this somewhat gross thing:

    var cookie = new HttpCookie("myreallyimportantcookie")
    {
        Value = "myreallyimportantcookievalue" + ";SameSite=None",
        Secure = true,
        Path = "/",
        HttpOnly = true
    };

And now if we run the application, we can see we have the SameSite attribute set to None.
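The workaround above can be wrapped in a small helper so the suffix is applied once, only to Secure cookies, and can be stripped again when the cookie is read back in the same request (ASP.NET copies cookies added to Response.Cookies into Request.Cookies). This is an added example, not code from the original post; the names SameSiteCompat, AppendSameSiteNone and StripSameSiteSuffix are hypothetical.

```csharp
using System;
using System.Web;

// Added example: guards around the ";SameSite=None" value-suffix workaround
// for System.Web versions whose HttpCookie has no SameSite property.
public static class SameSiteCompat
{
    private const string Suffix = ";SameSite=None";

    public static HttpCookie AppendSameSiteNone(HttpCookie cookie)
    {
        if (cookie == null) throw new ArgumentNullException("cookie");

        // Browsers enforcing the new behaviour reject SameSite=None
        // on cookies that are not marked Secure.
        if (!cookie.Secure)
            throw new InvalidOperationException("SameSite=None requires Secure = true.");

        string value = cookie.Value ?? string.Empty;

        // Idempotent: do not append the suffix twice.
        if (value.EndsWith(Suffix, StringComparison.OrdinalIgnoreCase))
            return cookie;

        // A ';' already inside the value would end the value early and turn
        // the remainder into cookie attributes, so refuse such values.
        if (value.IndexOf(';') >= 0)
            throw new ArgumentException("Cookie value must not contain ';'.", "cookie");

        cookie.Value = value + Suffix;
        return cookie;
    }

    // Use when reading the cookie back server-side during the same request,
    // where Value still carries the appended suffix.
    public static string StripSameSiteSuffix(string value)
    {
        if (value != null && value.EndsWith(Suffix, StringComparison.OrdinalIgnoreCase))
            return value.Substring(0, value.Length - Suffix.Length);
        return value;
    }
}

// Usage inside a page or controller:
//   var cookie = new HttpCookie("myreallyimportantcookie")
//       { Value = "myreallyimportantcookievalue", Secure = true, Path = "/", HttpOnly = true };
//   Response.Cookies.Add(SameSiteCompat.AppendSameSiteNone(cookie));
```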