1

I am facing a problem in my application (created in ASP.NET 4 Integrated).

I am creating a user login session, which works fine while the user is on our website, but when he goes to the payment page and the payment gateway redirects the user back to my website (POST method), the session breaks and the user gets logged out.

The session being used is INPROC, with all default settings. The same code is working fine on Windows 8 R2 IIS 7.

But this new client is hosted on Windows 2016 with IIS 10.

While the user is on our site, each page has the same value and the session stays intact: `ASP.NET_SessionId` = `ac4yqgp5dhzwqbviyllopn3c`

When the payment gateway sends the user back to my website, the session changes: `ASP.NET_SessionId` (httpOnly: true, path: /, samesite: Lax, value: `fcwox4odux2fn2qqvwztvnkf`)

Please help!

  • Please provide more information. What browser is this? What's the request being sent, etc. You may also want to check https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/ to see if any of this applies. Specifically, if you have explicitly set the cookie as `SameSite=Lax` then it would not be included on a cross-site POST request by design. This may be a situation where you need `SameSite=None; Secure` on that cookie. – rowan_m Feb 20 '20 at 12:47
  • Thanks for the help, I got this resolved. For users who run into the same issue: https://stackoverflow.com/questions/59269476/browser-wont-set-asp-net-sessionid-cookie-on-payment-gateways-post-request-to – Gaurav Bharadwaj Mar 04 '20 at 11:03

1 Answer

0

My code is running on the Paytab payment gateway and, after redirecting, it wipes my session and the user logs out.

I spoke to Karan from Paytab, and could not get any clues. After that, I solved this issue by putting this code in the global.asax:

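```csharp
// Global.asax.cs (requires: using System.Web;)
protected void Application_PreSendRequestHeaders()
{
    var httpContext = HttpContext.Current;
    if (httpContext != null)
    {
        // Appended to each cookie value so that it is emitted as
        // extra attributes in the Set-Cookie header.
        var cookieValueSuffix = "; Secure; SameSite=none";

        // Applies to every cookie being set on this response.
        var cookies = httpContext.Response.Cookies;
        for (var i = 0; i < cookies.Count; i++)
        {
            var cookie = cookies[i];
            cookie.Value += cookieValueSuffix;
        }
    }
}
```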

If this doesn't work, please enable third-party cookies in Chrome from Chrome Developer > Application > Storage.

Jeremy Caney
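
An added example, not part of the original answer: a Global.asax.cs variant for .NET Framework 4.7.2 or later that relaxes only the session cookie through the `HttpCookie.SameSite` property, instead of appending text to the value of every cookie. It assumes the default session cookie name and that the .NET Framework SameSite updates covered in the Microsoft post linked in the comments are installed, so that `SameSiteMode.None` is written out as `SameSite=None`.

```csharp
using System;
using System.Web;

// Added example: scoped alternative to rewriting every cookie value.
public class Global : HttpApplication
{
    // Assumption: default name; adjust if <sessionState cookieName="..."> is set.
    private const string SessionCookieName = "ASP.NET_SessionId";

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // Response.Cookies holds only the cookies being set on this response.
        // Check AllKeys first: indexing Response.Cookies["name"] for a cookie
        // that is absent would create an empty one and send it to the browser.
        if (Array.IndexOf(Response.Cookies.AllKeys, SessionCookieName) < 0)
        {
            return; // no new session cookie issued on this response
        }

        // Browsers reject SameSite=None without Secure, and Secure cookies
        // are only returned over HTTPS, so leave plain-HTTP responses alone.
        if (!Request.IsSecureConnection)
        {
            return;
        }

        HttpCookie sessionCookie = Response.Cookies[SessionCookieName];

        // SameSite=None lets the browser attach the cookie to the payment
        // gateway's cross-site POST back to this site. It also means the
        // cookie travels on every other cross-site request, so state-changing
        // actions still need anti-forgery tokens.
        sessionCookie.SameSite = SameSiteMode.None;
        sessionCookie.Secure = true;
        sessionCookie.HttpOnly = true; // keep the session ID out of script
    }
}
```

On the same framework versions the setting can also be made in web.config with `<sessionState cookieSameSite="None" />` together with `<httpCookies requireSSL="true" />`.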