locked
Set custom property in Cookie RRS feed

  • Question

  • User1234498672 posted

    I am currently using a HttpCookie object to set a cookie. The object model provides standard properties like HttpOnly, Secure, Domain, etcetera.

    My project uses .NET framework 4.

    I have read about a new (proposed) standard to declare SameSite behavior. There doesn't seem to be a property for it (yet).

    How can I add the property "SameSite=Strict" to the set-cookie header of the Page response?

    Thanks in advance

    Tuesday, February 28, 2017 8:33 PM

Answers

  • User-2057865890 posted

    Hi Gert-Jan strik,

    It can be done on IIS website using URL rewrite.

    <rewrite>
      <outboundRules>
        <rule name="Add SameSite" preCondition="No SameSite">
          <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
          <action type="Rewrite" value="{R:0}; SameSite=strict" />
          <conditions>
          </conditions>
        </rule>
        <preConditions>
          <preCondition name="No SameSite">
            <add input="{RESPONSE_Set_Cookie}" pattern="." />
            <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=strict" negate="true" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>

    reference: http://stackoverflow.com/a/38957177 

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, March 1, 2017 5:20 AM

All replies

  • User-2057865890 posted

    Hi Gert-Jan strik,

    It can be done on IIS website using URL rewrite.

    <rewrite>
      <outboundRules>
        <rule name="Add SameSite" preCondition="No SameSite">
          <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
          <action type="Rewrite" value="{R:0}; SameSite=strict" />
          <conditions>
          </conditions>
        </rule>
        <preConditions>
          <preCondition name="No SameSite">
            <add input="{RESPONSE_Set_Cookie}" pattern="." />
            <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=strict" negate="true" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>

    reference: http://stackoverflow.com/a/38957177 

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, March 1, 2017 5:20 AM
  • User1234498672 posted

    Thanks for the work-around. May come in handy for other situations in the future.

    Friday, March 3, 2017 1:20 PM