Last post Oct 21, 2020 09:12 PM by PatriceSc
Oct 21, 2020 07:12 PM|blazingon|LINK
We have an ancient.NET website that that uses .NET Framework 4.5, one part of the site is basically a form. With it, looks like there is an issue with the cookies - the data that is pulled from the server isn't showing up in the cookies, thus causing the
form to redirect to the main page and not submitting the form as anticipated when using browsers like Chrome and the newest Edge.
I'm looking at the set-cookies in the response header of the form, and am seeing an issue that because of the samesite=none, we need to add the attribute, 'secure' to the header. My research indicates that it isn't available for the version we're using,
we have to upgrade to 4.7.2 (which I am hoping to avoid). What are our options?
From our web config file
<sessionState cookieless="UseCookies" mode="InProc" timeout="60"></sessionState>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
Oct 21, 2020 09:12 PM|PatriceSc|LINK
This is just an http header you should be able to change "by hand" for example using
https://stackoverflow.com/questions/62576470/how-to-set-samesite-value-to-none-in-net-4-5-2 or maybe as an HttpModule.
Trying to use a current version can be still a good idea (AFAIK the oldest supported .4.x version is 4.5.2).
Edit: try perhaps
https://charliedigital.com/2020/01/22/adventures-in-single-sign-on-samesite-doomsday/ for an HttpMdule version.