So as part of the payment process in my site, I have to visit an ExternalURL to validate certain fields and as a result of the Validation completion, I will be getting a POST back to my Action Method with some response variables. The problem that I am facing is that the cookies fail to persist even though I have tried out the following Steps.
Part of the Web.config that I modified.
<system.web>
<authentication mode="None">
<forms cookieSameSite="Lax" requireSSL="false" />
</authentication>
<compilation debug="true" targetFramework="4.7.2" />
<httpRuntime targetFramework="4.7.2" executionTimeout="500" />
<!-- Added this line for restoring Cookie values after the redirect to an external URI. -->
<httpCookies requireSSL="true" />
<sessionState cookieSameSite="None" cookieless="false" timeout="360" />
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483647" />
</webServices>
<scriptResourceHandler enableCaching="false" enableCompression="false" />
</scripting>
</system.web.extensions>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
<!--<rewrite>
<outboundRules>
<clear />
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=lax" />
</rule>
<preConditions>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=lax" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>-->
</system.webServer>
The method from where we call the External URL has this piece of code.
HttpCookie ckpaymentTRID = new HttpCookie("PaResTransactionID");
ckpaymentTRID.Value = resultPaymentObj.TransactionID.ToString();
ckpaymentTRID.SameSite = System.Web.SameSiteMode.Lax;
ckpaymentTRID.Secure = true;
HttpContext.Response.Cookies.Add(ckpaymentTRID);
The method where I receive the POST from the External URL consists of this
var SomeCookiee = HttpContext.Request.Cookies["PaResTransactionID"];
Also, I have browsed through this article here and am aware of the changes pre and post the .NET framework update.
Thanks in advance for the help!!!
Turns all the web.config setting changes were inconsequential as the remaining were actually enough to make the cut. Here is actually how I got a hint about how to solve this issue :
As I was being redirected from my application to the External-URL.....in Google Chrome, under dev tools you get to see the cookies that have been passed... I was always getting a warning saying that "since your cookie is not a secure cookie, chrome by default changes the SameSite setting from None to Lax and so your cookie doesn't persist throughout the request at all.".....which then prompted me to change the web application settings to run as https://localhost rather than http://localhost in VS2019. Once I did that, I saw that I no more needed the explicit HttpCookie or sessionState settings to be modified or in fact placed at all in the web.config and the Cookie value persisted in spite of the External Domain Re-Direction.