This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Allow setting SameSite mode of the SessionId cookie #4711

Merged: 1 commit, Oct 7, 2020


Contributor

@jhartmann123 jhartmann123 commented Aug 4, 2020

What issue does this PR address?
The SameSite mode of the sessionId cookie can be configured with this PR. It was hardcoded to SameSiteMode.None before.

We set this to SameSiteMode.Lax for serving via http for local development (in a docker instance), where SameSite=None cookies get ignored (Chrome 84). SameSite=None only works for Secure cookies.

Does this PR introduce a breaking change?
No. The default is still SameSiteMode.None

Please check if the PR fulfills these requirements

  • The commit follows our guidelines
  • Unit Tests for the changes have been added (for bug fixes / features)

Other information:

@dnfadmin

dnfadmin commented Aug 4, 2020

CLA assistant check
All CLA requirements met.

@stale

stale bot commented Aug 19, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

@brockallen
Member

Great, thanks!

@brockallen brockallen merged commit 5c87628 into IdentityServer:main Oct 7, 2020
@nasir-awan

How do we change the SameSiteMode?

This code does not change it

    builder.Services.ConfigureExternalCookie(options =>
    {
        options.Cookie.IsEssential = true;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });

    builder.Services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.IsEssential = true;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });

@marlon-tucker

It's configured via this:

    var identityServerBuilder = services.AddIdentityServer(options =>
    {
        options.Authentication.CheckSessionCookieSameSiteMode = SameSiteMode.Lax; // Or whatever you wish
    });
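
To confirm which mode a deployment actually emits, the following added example (not part of this thread or of the IdentityServer code base) audits `Set-Cookie` header values against the rule stated in the PR description, that `SameSite=None` only works for Secure cookies. The cookie name `session`, its value and the function names are constructed for illustration.

```javascript
// Added example. Header values below are constructed samples, not captured traffic.

// Parse one Set-Cookie header value into the fields this check needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((part) => part.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    const k = key.trim().toLowerCase(); // attribute names are case-insensitive
    if (k === 'secure') cookie.secure = true;
    if (k === 'samesite') cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

// Rule from the PR description: SameSite=None only works for Secure cookies.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === 'none' && !c.secure) {
    return { name: c.name, ok: false, reason: 'SameSite=None without Secure is ignored by the browser' };
  }
  return { name: c.name, ok: true, reason: `SameSite=${c.sameSite || 'unspecified'}, Secure=${c.secure}` };
}

// Names of the cookies in one response that a browser enforcing the rule would drop.
function droppedCookies(setCookieHeaders) {
  return setCookieHeaders.map(auditSetCookie).filter((r) => !r.ok).map((r) => r.name);
}

const samples = [
  'session=abc123; Path=/; SameSite=None',         // plain-HTTP dev setup, default mode
  'session=abc123; Path=/; Secure; SameSite=None', // HTTPS deployment, default mode
  'session=abc123; Path=/; SameSite=Lax',          // plain-HTTP dev setup after switching to Lax
];
for (const header of samples) {
  console.log(header, '=>', JSON.stringify(auditSetCookie(header)));
}
```
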

@github-actions

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 18, 2022