You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With Google Chrome 80 coming next week, many sites are updating to MicrosoftOwin 4.1.0. It now sends an explicit SameSite=None cookie attribute if SameSiteMode is set to None. This is all done automatically when updating the Microsoft.Owin.Security package to 4.1.0, without any need to change the code in these packages.
Unfortunately iOS12 (and some more browser/OS combinations) break if an explicit Samesite=None attribute is sent. The workaround suggested by Microsoft is to use a custom CookieManager that detects the user agent, and if needed sets SameSite=(SameSiteMode)(-1). To support this, the options of each provider need to be updated with an ICookieManager property and the handlers need to call the new overload of AuthenticationHandler.GenerateCorrelationId that takes the cookie manager as a param.
The text was updated successfully, but these errors were encountered:
With Google Chrome 80 coming next week, many sites are updating to MicrosoftOwin 4.1.0. It now sends an explicit SameSite=None cookie attribute if SameSiteMode is set to None. This is all done automatically when updating the Microsoft.Owin.Security package to 4.1.0, without any need to change the code in these packages.
Unfortunately iOS12 (and some more browser/OS combinations) break if an explicit Samesite=None attribute is sent. The workaround suggested by Microsoft is to use a custom CookieManager that detects the user agent, and if needed sets SameSite=(SameSiteMode)(-1). To support this, the options of each provider need to be updated with an
ICookieManagerproperty and the handlers need to call the new overload ofAuthenticationHandler.GenerateCorrelationIdthat takes the cookie manager as a param.The text was updated successfully, but these errors were encountered: