5

I have developed a site using ASP.NET MVC.

We ran a scan on the site and it reports CSRF, asking us to make the site cookies SameSite. I tried the code below in web.config, but it seems it works only from 4.7.1 onwards.

Is there any way we can achieve this in .NET 4.6? Much-needed help :)

1. `cookieSameSite="None"`

```xml
<httpCookies cookieSameSite="None" />
```

2. Rewrite rule

```xml
<rewrite>
  <outboundRules>
    <rule name="Add SameSite" preCondition="No SameSite">
      <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
      <action type="Rewrite" value="{R:0}; SameSite=strict" />
      <conditions>
      </conditions>
    </rule>
    <preConditions>
      <preCondition name="No SameSite">
        <add input="{RESPONSE_Set_Cookie}" pattern="." />
        <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=strict" negate="true" />
      </preCondition>
    </preConditions>
  </outboundRules>
</rewrite>
```

rohit jena
  • Check out this [answer](https://stackoverflow.com/questions/59117357/how-samesite-attribute-added-to-my-asp-net-sessionid-cookie-automatically/60357945#60357945) – Michael Herzog Oct 09 '20 at 15:08
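
An added example, not part of the original question or the linked answer: a small Python model of the outbound rule posted above, with a check of the resulting `Set-Cookie` values for the SameSite problems a scanner looks for. The sample headers, the function names and the broader `ANY_SAMESITE` precondition are assumptions made for illustration; this models the rule's logic and is not IIS itself.

```python
import re

# Precondition as written in the question's rule: only "; SameSite=strict"
# counts as "already set". IGNORECASE models URL Rewrite's default matching.
PAGE_PRECONDITION = re.compile(r"; SameSite=strict", re.IGNORECASE)
# Assumed broader precondition: any existing SameSite attribute is respected.
ANY_SAMESITE = re.compile(r";\s*SameSite=", re.IGNORECASE)

def apply_rule(set_cookie, already_set=PAGE_PRECONDITION, value="strict"):
    """Model the outbound rule: append SameSite unless the precondition sees it."""
    if set_cookie and not already_set.search(set_cookie):
        return f"{set_cookie}; SameSite={value}"
    return set_cookie

def audit(set_cookie):
    """Return the SameSite findings for one Set-Cookie header value."""
    attrs = [a.strip() for a in set_cookie.split(";")[1:]]
    names = [a.partition("=")[0].strip().lower() for a in attrs]
    modes = [a.partition("=")[2].strip().lower()
             for a in attrs if a.partition("=")[0].strip().lower() == "samesite"]
    findings = []
    if not modes:
        findings.append("missing SameSite")
    if len(modes) > 1:
        findings.append("duplicate SameSite")
    if any(m not in ("strict", "lax", "none") for m in modes):
        findings.append("unknown SameSite value")
    if "none" in modes and "secure" not in names:
        findings.append("SameSite=None without Secure")
    return findings

# Constructed sample headers, not taken from the original site.
SESSION = "ASP.NET_SessionId=abc123; path=/; HttpOnly"
LAX = "pref=dark; path=/; SameSite=Lax"
NONE_INSECURE = "sso=xyz; path=/; SameSite=None"

if __name__ == "__main__":
    rules = (("page rule", PAGE_PRECONDITION), ("any-SameSite", ANY_SAMESITE))
    for header in (SESSION, LAX, NONE_INSECURE):
        for label, pre in rules:
            out = apply_rule(header, pre)
            print(f"{label:13} {out!r} -> {audit(out) or 'ok'}")
```

The same `audit` function can be given the `Set-Cookie` values from a response captured after the rule is deployed, to confirm each cookie carries exactly one SameSite attribute.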

0 Answers