Last post Sep 10, 2020 06:47 AM by yij sun
Aug 28, 2020 09:24 AM|pawanjot90|LINK
I have a travel b2b website where agent does railway and airline booking. Since last couple of weeks, we have been facing Session Lost issue when an agent is redirected back to our website from payment gateway or railway booking. I am currently using Microsoft
Framework 4.0. Can it be due to this ?
This issue has started since last month and happening only on Google Chrome. Everything is working smooth of Internet Explorer, Firefox or Microsoft Edge.
Aug 28, 2020 10:19 AM|PatriceSc|LINK
And do you see this behavior with your version of Chrome. A recent change that could perhaps cause that is https://www.chromium.org/updates/same-site
If you follow https://www.chromium.org/updates/same-site/test-debug you could turn this feature on or off to see if the behavior is changing. If confirmed and you are using really .NET 4.0
it will be perhaps a problem (this version being not supportted any more).
Edit: and/or use F12 tools to see which settings are used for the session cookie?
Aug 28, 2020 12:58 PM|pawanjot90|LINK
Thank you for your reply. It has helped a lot as I did the below changes in Google Chrome and it has started working.
SameSite by default cookies - Disabled
Enable removing SameSite=None cookies - Disabled
Can you please advise how I can get the same implemented in the code rather than doing manually for each agent by taking their system on anydesk.
Aug 29, 2020 01:36 AM|PatriceSc|LINK
It seems the best option is to install and perhaps even target 4.7.2 or later. With https://knowledgehub.intelledox.com/changelog/how-chrome-80-update-for-samesite-potentially-impacts-your-intelledox-instance you
could use the cookieSameSite attribute to configure the needed option. I checked and similarly https://docs.microsoft.com/en-us/dotnet/api/system.web.httpcookie.samesite?view=netframework-4.8 is
new in 4.7.2.
If you can't for now you could configure IIS to change this option: https://www.petefreitag.com/item/850.cfm
Sep 09, 2020 02:25 PM|pawanjot90|LINK
I have updated the framework to 4.8 now. Can you please advise how can I add the below in web config -
Currently I have done as below but it is not working.
<httpCookies sameSite="None" requireSSL="true" />
Sep 10, 2020 06:47 AM|yij sun|LINK
Accroding to your description,as far as I think,You need to check wheather SameSite support older browsers.
HttpCookies that explicitly set SameSite=None in code or configuration now have that value written with the cookie, whereas it was previously omitted. This may cause issues with older browsers that only support the 2016 draft standard.When targeting browsers
supporting the 2019 draft standard with SameSite=None cookies, remember to also mark them Secure or they may not be recognized.
More details,you could refer to below article: