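Notes on what to watch for when creating cross-domain cookies
Note: only .NET Framework 4.7 and later has the built-in SameSite property, which lets you set SameSite.None
In short, set the following properties when creating the cookie: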
sameSiteCookie.Secure = true;
sameSiteCookie.HttpOnly = true;
sameSiteCookie.SameSite = SameSiteMode.None;
Complete example
// Create the cookie
HttpCookie sameSiteCookie = new HttpCookie("SameSiteSample");
// Set a value for the cookie
sameSiteCookie.Value = "sample";
// Set the secure flag, which Chrome's changes will require for SameSite none.
// Note this will also require you to be running on HTTPS
sameSiteCookie.Secure = true;
// Set the cookie to HTTP only which is good practice unless you really do need
// to access it client side in scripts.
sameSiteCookie.HttpOnly = true;
// Add the SameSite attribute, this will emit the attribute with a value of none.
// To not emit the attribute at all set the SameSite property to -1.
sameSiteCookie.SameSite = SameSiteMode.None;
// Add the cookie to the response cookie collection
Response.Cookies.Add(sameSiteCookie);
References
SameSite cookie sample for ASP.NET 4.7.2 C# WebForms | Microsoft Docs