You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Response.Cookies.Append(_options.XsrfCookieName, tokens.RequestToken, new CookieOptions
{
HttpOnly = false,
});
What is missing here:
IsEssential = true,
Without making it essential, the cookie will only be set if CheckConsentNeeded option is false. However, the auth cookie is essential according to GDPR.
The text was updated successfully, but these errors were encountered:
The fix works on Firefox but I am still having the issue on Edge (Version 100.0.1185.50 (Version officielle) (64 bits)). I believe the same site option should also be set.
I used the following workaround to set the SameSite to SameSiteMode.Strict, as it is done for the antiforgery cookie.
// HACK: Piranha does not set the SameSite options, resulting in missing cookie on edge.
builder.Services.AddOptions<CookiePolicyOptions>().Configure<IOptions<ManagerOptions>>((options,manager)=>{ options.OnAppendCookie =context =>{if(context.CookieName == manager.Value.XsrfCookieName){ context.CookieOptions.SameSite = SameSiteMode.Strict;}};});
In
SetAuthCookie
we have:What is missing here:
Without making it essential, the cookie will only be set if
CheckConsentNeeded
option isfalse
. However, the auth cookie is essential according to GDPR.The text was updated successfully, but these errors were encountered: