Description
Chrome will be automatically changing session cookies with SameSite="None" to SameSite="Lax".
https://www.chromestatus.com/feature/5088147346030592
Microsoft is preemptively addressing this with the following update.
https://support.microsoft.com/en-us/help/4524420/kb4524420
Due to this, Microsoft ASP.NET will now emit a SameSite cookie header when HttpCookie.SameSite value as "None"
This caused an issue with a client's IFrame which was loading a page from their largest customer's site.
Steps
Set the cookieSameSite= "None" in the session state tag to avoid this issue.
<sessionState cookieSameSite="None" cookieless="false" timeout="360">
</sessionState>
Taken from this post
https://forums.asp.net/t/2161961.aspx?Problem+with+Session+in+iFrame+after+recent+windows+update
<%= heading %>