Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Can I set idsrv.session cookie to SameSite=Strict? #5297

Closed
mgh9 opened this issue Jul 2, 2021 · 6 comments
Closed

Can I set idsrv.session cookie to SameSite=Strict? #5297

mgh9 opened this issue Jul 2, 2021 · 6 comments
Labels
question wontfix

Comments

@mgh9
Copy link

mgh9 commented Jul 2, 2021
edited
Loading

No description provided.

@mgh9 mgh9 added the question label Jul 2, 2021
@mgh9 mgh9 changed the title Why I can't set the ApplicationCookie to SameSite=Strict? Can I set idsrv.session cookie to SameSite=Strict? Jul 3, 2021
@mkeskes
Copy link

mkeskes commented Jul 6, 2021
edited
Loading

Check this PR#4711
var identityServerBuilder = services.AddIdentityServer(options =>
{
options.Authentication.CheckSessionCookieSameSiteMode = SameSiteMode.Strict;
})

@stale
Copy link

stale bot commented Jul 16, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

@stale stale bot added the wontfix label Jul 16, 2021
@joshua5822
Copy link

Is there any solution if you are still on asp.net core 2.x? The latest package points to asp.net core 3.x, so the property for setting this doesn't exist.

@stale stale bot removed the wontfix label Jul 20, 2021
@joshua5822
Copy link

Never mind. I realized I could extend the DefaultUserSession and override the CreateSessionIdCookieOptions method to setup my own value for samesite. Then just needed to set DI for the IUserSession to my new implementation.

@stale
Copy link

stale bot commented Jul 31, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

@stale stale bot added the wontfix label Jul 31, 2021
@stale stale bot closed this as completed Aug 6, 2021
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 20, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joshua5822 @mkeskes @mgh9