Session not maintain in ASP.Net Core 6.0 - iframe

Question

When we embed our app (net core 6.0, single page application with React JS) in an iframe on a page on a another domain, requests for session variables are always null.

This mechanism works fine if the page is embedded on a page on the same domain (our website) but when the app is called from an iframe on another domain, sessions are always null.

We have tried the below solution. It doesn't work.

Please find the code details below.

We have below codes in our project.

In Program.cs

build.Services.AddSession(o =>
{
o.IdleTimeout = TimeSpan.FromHours(24);
o.Cookie.HttpOnly = true;
o.Cookie.IsEssential = true;
o.Cookie.SameSite = SameSiteMode.None;
o.IOTimeout = TimeSpan.FromHours(24);
});


build.Services.AddCookiePolicy(o => {
o.MinimumSameSitePolicy = SameSiteMode.None;
o.Secure = CookieSecurePolicy.Always;
o.CheckConsentNeeded = HttpContext => false;
});


build.Services.ConfigureApplicationCookie(o =>
{
o.Cookie.HttpOnly = true;
o.Cookie.IsEssential = true;
o.Cookie.SameSite = SameSiteMode.None;
o.Cookie.Expiration = TimeSpan.FromHours(24);
});


build.Services.AddDistributedMemoryCache();
build.Services.Configure<SecurityStampValidatorOptions>(o => o.ValidationInterval = TimeSpan.FromMinutes(720));


var app = build.Build();
app.UseCookiePolicy();
app.UseSession();

We store session like below

HttpContext.Session.SetString("Something", "Something");

But when we try to get the session value always, it returns null. Because the previous session id changed.

var some = HttpContext.Session.GetString("Something");

I need to maintain the previous session cookies.

Thanks in advance.

Answer 1

i've got the same problem and just this code in Program.cs worked for me.

builder.Services.AddSession(options =>
{
    options.Cookie.SameSite = SameSiteMode.None;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.IsEssential = true;
});