Add these options to web.config for sameSite=None , Lax or Strict <system.web> <httpCookies sameSite=”None”/> <sessionState cookieSameSite=”None” /> <authentication mode=”Forms”> <forms cookieSameSite=”None” /> </authentication>
As of Chrome v107 (Nov 2022) I had a similar issue, spent a few hours digging, and what I found is that the only solution for Chrome is to make your front-end connection secure, ie https (using a proxy for instance): Link An alternative solution is to use Firefox and set: about:config > network.cookie.sameSite.noneRequiresSecure=false. This … Read more
As discussed here: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html This is actually a server side issue. All it is saying, is that you are using a resource from another site (most often JS or CSS) and that server is attempting to set a cookie; however, it does not have the SameSite attribute set. This is being done due to: Today, … Read more
Versions of Safari on MacOS 10.14 and all browsers on iOS 12 are affected by this bug which means that SameSite=None is erroneously treated as SameSite=Strict, e.g. the most restrictive setting. I’ve published some guidance in SameSite cookie recipes on either: Using two sets of cookies to account for browsers that support SameSite=None; Secure and … Read more
Lax allows the cookie to be sent on some cross-site requests, whereas Strict never allows the cookie to be sent on a cross-site request. The situations in which Lax cookies can be sent cross-site must satisfy both of the following: The request must be a top-level navigation. You can think of this as equivalent to … Read more
This console warning is not an error or an actual problem — Chrome is just spreading the word about this new standard to increase developer adoption. It has nothing to do with your code. It is something their web servers will have to support. Release date for a fix is February 4, 2020 per: https://www.chromium.org/updates/same-site … Read more