跨網域 Iframe 建立 cookies

  • 990
  • 0
  • C#
  • 2021-08-23

筆記一下跨網域 cookies 建立注意事項

※ .NET Framework 4.7 才有內建 SameSite 屬性可以設定 SameSite.None

總之就是建立 cookies 的時候要設定以下屬性

sameSiteCookie.Secure = true;

sameSiteCookie.HttpOnly = true;
sameSiteCookie.SameSite = SameSiteMode.None;

完整範例

// Create the cookie
HttpCookie sameSiteCookie = new HttpCookie("SameSiteSample");

// Set a value for the cookie
sameSiteCookie.Value = "sample";

// Set the secure flag, which Chrome's changes will require for SameSite none.
// Note this will also require you to be running on HTTPS
sameSiteCookie.Secure = true;

// Set the cookie to HTTP only which is good practice unless you really do need
// to access it client side in scripts.
sameSiteCookie.HttpOnly = true;

// Add the SameSite attribute, this will emit the attribute with a value of none.
// To not emit the attribute at all set the SameSite property to -1.
sameSiteCookie.SameSite = SameSiteMode.None;

// Add the cookie to the response cookie collection
Response.Cookies.Add(sameSiteCookie);

參照

SameSite cookie sample for ASP.NET 4.7.2 C# WebForms | Microsoft Docs

PS5