
After migrating to .NET Core 2.0, session stopped working correctly

I wrote my application in .NET 1.0, and after updating it to version 2.0 my session stopped working.

My settings in Startup.cs:

services.AddDistributedMemoryCache();
services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(15);
    options.Cookie.HttpOnly = true;
});

...

app.UseSession();

I set the session at my controller:

HttpContext.Session.SetString(SessionKey, data);

After that I redirect to my static file containing Angular:

return Redirect($"~/index.html?test={test}");

The file is placed in the wwwroot folder.

And when I use Angular to get data from my app:

$http.get(baseUrl + "/Configure/Refresh?test=" + test).then(handleSuccess, handleError("Error getting settings"));

I check the session in my controller action:

_logger.LogInformation($"Session: {HttpContext.Session.GetString(SessionKey)}");

And it is blank. I don't know why - before the update, it worked correctly.

OK, I discovered what was wrong. After the update, the session by default has SameSite set to Lax. Before, it was None. I set this value to Strict and everything works correctly.

services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(15);
    options.Cookie.HttpOnly = true;
    options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
});

Article: https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
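
The SameSite modes named in the answer above, as an added example that is not part of the original post: it parses a session cookie's Set-Cookie header and models which request contexts carry the cookie. The header values, `CONTEXTS`, and the function names are constructed for illustration; `browserDefault` is an assumed parameter for what a browser does when the attribute is absent.

```javascript
// Added example: model of SameSite handling for a session cookie.
// The Set-Cookie values are constructed samples; ".AspNetCore.Session" is
// ASP.NET Core's default session cookie name.
const SAMPLE_HEADERS = {
  lax: ".AspNetCore.Session=CfDJ8constructed; path=/; samesite=lax; httponly",
  strict: ".AspNetCore.Session=CfDJ8constructed; path=/; samesite=strict; httponly",
  unset: ".AspNetCore.Session=CfDJ8constructed; path=/; httponly",
};

// Request contexts a browser distinguishes when deciding to attach a cookie.
const CONTEXTS = {
  sameSiteXhr: { sameSite: true, topLevelNavigation: false, method: "GET" },
  crossSiteLink: { sameSite: false, topLevelNavigation: true, method: "GET" },
  crossSiteXhr: { sameSite: false, topLevelNavigation: false, method: "GET" },
  crossSitePost: { sameSite: false, topLevelNavigation: true, method: "POST" },
};

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   httpOnly: false, secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "httponly") cookie.httpOnly = true;
    else if (key === "secure") cookie.secure = true;
    else if (key === "samesite") cookie.sameSite = val;
  }
  return cookie;
}

// browserDefault: mode applied when the attribute is absent ("none" in older
// browsers, "lax" in current ones). Assumption: the caller picks it.
function isAttached(cookie, req, browserDefault = "lax") {
  if (req.sameSite) return true; // same-site requests always carry the cookie
  const mode = cookie.sameSite || browserDefault;
  if (mode === "strict") return false;
  if (mode === "lax") { // cross-site: top-level navigation with a safe method only
    return req.topLevelNavigation && ["GET", "HEAD", "OPTIONS", "TRACE"].includes(req.method);
  }
  return true; // "none"; current browsers also require Secure for this mode
}

function attachmentMatrix(header, browserDefault) {
  const cookie = parseSetCookie(header);
  const row = {};
  for (const [name, req] of Object.entries(CONTEXTS)) {
    row[name] = isAttached(cookie, req, browserDefault);
  }
  return row;
}
```

Paste the Set-Cookie header from the browser's network tab into `attachmentMatrix` to compare it against the request that arrives without a session.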
