asp.net-mvc session-cookies .net-6.0 app-startup

SameSite attribute cannot be changed


  • So it is not a "My PC" problem. I deployed the app on our test server and the changes still don't get applied. Next step is to dig deeper and see if some identity related configuration was overwritten somewhere.

I've set the `Cookie.SameSite` value to `SameSiteMode.Lax` inside `services.ConfigureApplicationCookie(...)`. Now I'm still getting the cookie with the SameSite value set to strict after I restarted the app and signed in.

services.ConfigureApplicationCookie(...):

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = "sessionCookie";
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.MaxAge = TimeSpan.FromHours(5);
        options.SlidingExpiration = true;
        options.LogoutPath = $"/SignOut";
        options.AccessDeniedPath = $"/Account/AccessDenied";
    });

  • Tested in both Chrome and Firefox - same behaviour.
  • Cookies were cleared and I also restarted everything.
    • Yes, also my PC.
  • I can change any other attribute.
    • I've changed the name, secure and other attributes without fail.
  • We are using IdentityServer4 with our own implementation of IdentityUser:

    services.AddDefaultIdentity<ApplicationUser>()
        .AddDefaultUI()
        .AddRoles<ApplicationRole>()
        .AddEntityFrameworkStores<AppIdentityDbContext>();

Solution

  • The problem was the following line of code which came way before the lines shown in the question:

    services.AddCookieConfiguration();

    This was a method with return type `IServiceCollection`, which was written by another developer a few months ago. Because of this "error" I realized how messy our `Startup.cs` actually is and extracted some configurations into their own methods.
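
The page does not show what `AddCookieConfiguration()` registered, so the following is an added diagnostic, not code from the question or the answer. It logs the two settings that decide the SameSite value the browser receives: the effective options for the Identity application cookie, and the cookie policy's `MinimumSameSitePolicy`. The class and method names are hypothetical, and the check on the cookie policy floor is one assumed cause, not the confirmed one.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical helper (not from the original post).
public static class CookieSettingsDiagnostics
{
    // Call once from Startup.Configure: app.LogEffectiveCookieSettings();
    public static IApplicationBuilder LogEffectiveCookieSettings(this IApplicationBuilder app)
    {
        var services = app.ApplicationServices;
        var log = services.GetRequiredService<ILoggerFactory>()
                          .CreateLogger("CookieSettingsDiagnostics");

        // Named options for the cookie that ConfigureApplicationCookie targets.
        // What comes back is the result of every Configure/PostConfigure
        // registration for this scheme, applied in registration order.
        var auth = services
            .GetRequiredService<IOptionsMonitor<CookieAuthenticationOptions>>()
            .Get(IdentityConstants.ApplicationScheme);
        log.LogInformation(
            "Auth cookie {Name}: SameSite={SameSite}, SecurePolicy={Secure}, HttpOnly={HttpOnly}",
            auth.Cookie.Name, auth.Cookie.SameSite, auth.Cookie.SecurePolicy, auth.Cookie.HttpOnly);

        // Global floor that the cookie policy middleware applies to every
        // response cookie. It only takes effect if UseCookiePolicy() is called.
        var policy = services.GetRequiredService<IOptions<CookiePolicyOptions>>().Value;
        log.LogInformation("Cookie policy: MinimumSameSitePolicy={Minimum}",
            policy.MinimumSameSitePolicy);

        // Assumed cause, not confirmed by the page: a Strict floor raises a
        // Lax auth cookie to Strict when the response is written.
        if (policy.MinimumSameSitePolicy == SameSiteMode.Strict
            && auth.Cookie.SameSite != SameSiteMode.Strict)
        {
            log.LogWarning(
                "Auth cookie asks for SameSite={Requested}, but MinimumSameSitePolicy is Strict.",
                auth.Cookie.SameSite);
        }

        return app;
    }
}
```

Comparing the log output with and without the suspect registration (here `services.AddCookieConfiguration()`) shows which of the two values it changes.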