Search code examples
sessioncookies.net-coresession-cookiesmicrosoft-edge

Session cookie not being set on Edge (dot net core)

Session cookies are being set on Chrome, FireFox and even IE but not on Edge

The browser version is Microsoft Edge 42.17134.1.0

DotNet core version is 2.1

and the following information is used in my startup.cs file

 public void ConfigureServices(IServiceCollection services) {
  services.Configure < CookiePolicyOptions > (options => {
   options.CheckConsentNeeded = context => false;
   options.MinimumSameSitePolicy = SameSiteMode.None;
  });

  services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddJsonOptions(options => {
   options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver();
  }).AddSessionStateTempDataProvider();

  services.AddDistributedMemoryCache();

  services.AddSession(o => {
   o.IdleTimeout = TimeSpan.FromMinutes(80);
   o.Cookie.HttpOnly = true;
   o.Cookie.Name = "my-session-cookie";

  });
 }

 public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
  if (env.IsDevelopment()) {
   app.UseDeveloperExceptionPage();
  } else {
   app.UseExceptionHandler("/Error");
   app.UseHsts();
  }

  app.UseHttpsRedirection();
  app.UseStaticFiles();
  app.UseCookiePolicy();
  app.UseSession();

  app.UseSpaStaticFiles();

  app.UseMvc(routes => {
   routes.MapRoute(
    name: "default",
    template: "{controller}/{action=Index}/{id?}");
  });

  app.UseSpa(spa => {
   spa.Options.SourcePath = "ClientApp";

   if (env.IsDevelopment()) {
    spa.UseReactDevelopmentServer(npmScript: "start");
   }
  });
 }

Here are some of the things I've tried out so far:

  • Adding the IsEssential condition to session options
  • Removing CookiePolicyOptions and UseCookiePolicy
  • Attempting to add an expiration date to the session cookie (didn't even start the solution)
Solution

  • Using fetch on Edge is causing the set-cookie header to not set a cookie on the browser

    The solution was to add credentials: "same-origin" to the fetch options object

    DOT NOT ADD IT TO THE HEADER

    Quotes from HERE

    By default, fetch won't send or receive any cookies

    That means your have add the credentials object to it so it can set those cookies

    Since Aug 25, 2017. The spec changed the default credentials policy to same-origin.

    I guess Edge have not implemented that default yet

    Here's an example of a working fetch

    fetch(link, {
  body: JSON.stringify(myDataObject),
  method: "POST",
  credentials: "same-origin",
  headers: {
    "content-type": "application/json"
  }
});