Session Getting Lost in .Net

Question

User-952933116 posted

Dear All,

I have a travel b2b website where agent does railway and airline booking. Since last couple of weeks, we have been facing Session Lost issue when an agent is redirected back to our website from payment gateway or railway booking. I am currently using Microsoft Framework 4.0. Can it be due to this ? 

This issue has started since last month and happening only on Google Chrome. Everything is working smooth of Internet Explorer, Firefox or Microsoft Edge.

Regards

Pawan

Answer 1

User753101303 posted

Hi,

And do you see this behavior with your version of Chrome. A recent change that could perhaps cause that is https://www.chromium.org/updates/same-site

If you follow https://www.chromium.org/updates/same-site/test-debug you could turn this feature on or off to see if the behavior is changing. If confirmed and you are using really .NET 4.0 it will be perhaps a problem (this version being not supportted any more).

Edit: and/or use F12 tools to see which settings are used for the session cookie?

Answer 2

User-952933116 posted

Dear Patrice,

Thank you for your reply. It has helped a lot as I did the below changes in Google Chrome and it has started working.

chrome://flags/

SameSite by default cookies - Disabled

Enable removing SameSite=None cookies - Disabled

Can you please advise how I can get the same implemented in the code rather than doing manually for each agent by taking their system on anydesk.

Regards

Pawan

Answer 3

User753101303 posted

It seems the best option is to install and perhaps even target 4.7.2 or later. With https://knowledgehub.intelledox.com/changelog/how-chrome-80-update-for-samesite-potentially-impacts-your-intelledox-instance you could use the cookieSameSite attribute to configure the needed option. I checked and similarly https://docs.microsoft.com/en-us/dotnet/api/system.web.httpcookie.samesite?view=netframework-4.8 is new in 4.7.2.

If you can't for now you could configure IIS to change this option: https://www.petefreitag.com/item/850.cfm

Answer 4

User-952933116 posted

Dear Patrice,

I have updated the framework to 4.8 now. Can you please advise how can I add the below in web config - 

SameSite by default cookies - Disabled

Enable removing SameSite=None cookies - Disabled

Currently I have done as below but it is not working.

<httpCookies sameSite="None" requireSSL="true" />
    

Regards

Pawan

Answer 5

User1535942433 posted

Hi pawanjot90,

Accroding to your description,as far as I think,You need to check wheather SameSite support older browsers.

HttpCookies that explicitly set SameSite=None in code or configuration now have that value written with the cookie, whereas it was previously omitted. This may cause issues with older browsers that only support the 2016 draft standard.When targeting browsers supporting the 2019 draft standard with SameSite=None cookies, remember to also mark them Secure or they may not be recognized.

More details,you could refer to below article:

https://docs.microsoft.com/en-us/aspnet/samesite/system-web-samesite

Best regards,

Yijing Sun