Can I ask what SameSite is for cookies?
What I know: Strict: cookies will be sent on same-site. Lax and None: will be allowed to be sent cross-site but need HTTPS.
But I'm still confused. Currently my .NET Core API is the one setting up the cookies for my ReactJS.
Will SameSite.Strict still work if, for example:
1. My ReactJS and .NET Core are on different ports but the same machine?
2. Different machines?
3. Same machine, different ports, same domain but different sub-domain?
Regarding your specific scenarios:
If your ReactJS frontend and .NET Core API are on different ports but on the same machine, SameSite=Strict should work fine.
If they are on different machines, SameSite=Strict will still work as long as the requests are considered first-party requests, meaning they share the same site origin.
If they are on the same machine but different ports or sub-domains, SameSite=Strict will still work, provided the requests are considered first-party requests.
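Added example (not part of the original question or answer): a sketch of how a browser decides whether a request is "same-site", applied to the scenarios above. It assumes the scheme counts as part of the site (schemeful same-site, as Chromium enforces), uses a small constructed suffix set in place of the real Public Suffix List, and all hostnames are constructed.

```javascript
// Constructed, tiny stand-in for the Public Suffix List (assumption; browsers use the full list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// Registrable domain (eTLD+1); IPs and single-label hosts like "localhost" are returned as-is.
function registrableDomain(host) {
  host = host.toLowerCase();
  if (/^[\d.]+$/.test(host) || host.startsWith("[") || !host.includes(".")) return host;
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    // Longest suffix is tried first, so "co.uk" wins over a shorter match.
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return labels.slice(-2).join("."); // unknown suffix: assume a one-label TLD
}

// Site = scheme + registrable domain. The port is deliberately ignored.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Would the browser attach the cookie to a request from pageUrl to requestUrl?
// topLevelGet: the request is a top-level GET navigation (a link click),
// as opposed to fetch/XHR issued by the React app.
function cookieSent(sameSite, pageUrl, requestUrl, topLevelGet = false) {
  const sameSiteRequest = siteOf(pageUrl) === siteOf(requestUrl);
  if (sameSite === "Strict") return sameSiteRequest;
  if (sameSite === "Lax") return sameSiteRequest || topLevelGet;
  return true; // "None": always sent (browsers also require the Secure attribute)
}

// Constructed scenarios matching the cases in the question.
const SCENARIOS = [
  ["same machine, different ports", "http://localhost:3000", "http://localhost:5000"],
  ["different machines, same registrable domain", "https://app.example.com", "https://api.example.com"],
  ["different machines, different domains", "https://app.example.com", "https://api.example.org"],
  ["different machines by IP", "http://192.168.1.10:3000", "http://192.168.1.20:5000"],
  ["same domain, scheme differs", "http://app.example.com", "https://api.example.com"],
];

function strictResults() {
  return SCENARIOS.map(([name, page, api]) => [name, cookieSent("Strict", page, api)]);
}

console.table(strictResults());
```

Same-site is not same-origin: a different port or sub-domain is still cross-origin, so a `fetch` from the React app needs `credentials: "include"` and the API needs a matching CORS policy before the cookie is used, whatever its SameSite value.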