In my web application I am iframing a different web application. The domain of both the webapplications are different.
I have following configuration for SessionState in web.config of the iframed web application.
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None"/>
<httpRuntime requestValidationMode="4.7.2" maxQueryStringLength="512" maxUrlLength="512" enableVersionHeader="false" />
<sessionState mode="Custom" cookieless="UseCookies" regenerateExpiredSessionId="true" timeout="245" cookieName="MYCOOKIE" cookieSameSite="None" customProvider="MyCustomSessionProvider">
<providers>
<!-- Custom provider details -->
</providers>
</sessionState>
<compilation batch="false" debug="false" />
<customErrors defaultRedirect="ErrorMessage.aspx" mode="On" />
</system.web>
When I load the page the "MYCOOKIE" of the iframed page is not having SameSite set to none. Because of that MYCOOKIE is not send in subsequent HTTP request.
I am using chrome (Version 86.0.4240.111 (Official Build) (64-bit)) and have enabled third party cookies. IIS version 10.0 Installed .NET framework version in IIS is 4.8.03761
Is there something I am missing?
I had faced the same issue earlier, after upgrading framework to 4.7.2 it wasn't working.
FIX: -- All the installations of Windows has to be up-to-date as SameSite="None" comes with one particular Windows update.
Have a look: https://support.microsoft.com/en-us/help/4533011/kb4533011