how we can set secure,HttpOnly and samesite attribute in ApplicationGatewayAffinity?

Rangu, Shravani 26 Reputation points
2022-05-23T10:13:57.87+00:00

Is this an issue with Azure? Is there anything that needs to be configured on the web app to get this working, or perhaps I have to set the cookie in a different way?

is this cookie a third party cookie? or else if we can set this cookie normally can anyone explain? and when i inspect the code i have seen ApplicationGatewayAffinityCORS but i didnt found anything related to this cookie in source code (react and nodejs)can any one know about this ?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
962 questions
Accepted answer
  1. Ryan Hill 25,981 Reputation points Microsoft Employee
    2022-05-23T23:14:11.447+00:00

    I don't believe this scenario is supported @Rangu, Shravani , but I think Application Gateway HTTP settings configuration is the documentation you're looking for. The following note in the doc states:

    Note
    If the attribute SameSite=None is set, it is mandatory that the cookie also contains the Secure flag, and must be sent over HTTPS. If session affinity is required over CORS, you must migrate your workload to HTTPS. Please refer to TLS offload and End-to-End TLS documentation for Application Gateway here – Overview, Configure an application gateway with TLS termination using the Azure portal, Configure end-to-end TLS by using Application Gateway with the portal.

    According the doc, you can change SameSite attribute and the cookie name but the cookie has to be sent over HTTPS.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest