IFrame issues after Microsoft changed default settings to SameSite cookie attribute

  • Updated
Description

Chrome will be automatically changing session cookies with SameSite="None" to SameSite="Lax".

https://www.chromestatus.com/feature/5088147346030592

Microsoft is preemptively addressing this with the following update.
https://support.microsoft.com/en-us/help/4524420/kb4524420

Due to this, Microsoft ASP.NET will now emit a SameSite cookie header when HttpCookie.SameSite value as "None"

This caused an issue with a client's IFrame which was loading a page from their largest customer's site. 

Steps

Set the cookieSameSite= "None" in the session state tag to avoid this issue. 

<sessionState cookieSameSite="None"  cookieless="false" timeout="360">
</sessionState>

Taken from this post
https://forums.asp.net/t/2161961.aspx?Problem+with+Session+in+iFrame+after+recent+windows+update