From the course: ASP.NET: Security

Setting cookie attributes in the app

From the course: ASP.NET: Security

Start my 1-month free trial

Setting cookie attributes in the app

- [Instructor] I have added the httpCookies note. I get this weird error, that sameSite is not allowed. Well, since I need a recent enough version of .NET framework, let's have a look. So I go to Properties and Application, and I see, oh 4.6.1. No, need 4.7, 4.7.2 to be exact. So I change the .NET framework version number here. It's changed here as well. Actually I changed the http runtime to 4.7.2 as well. And now I still get that green squiggly line at sameSite but it will work. I start the application in the browser as usual, and then I log in. Maybe this time with Barbara. She's pretty invested so is Adam, who is logging in. I hope that's the right password. And now, I open up the developer console, and we go to a page with the request verification token again with the request verification token cookie and then you see here that sameSite is set to strict. So the setting did apply to that request verification token cookie. It does not apply to the .AspNet application cookie, cookie that's the one used for authentication that somehow would not work with sameSite settings applied, that's why the .NET framework chooses to ignore it.

Contents