question

RanguShravaniMortgageQuality-7060 avatar image
0 Votes"
RanguShravaniMortgageQuality-7060 asked GitaraniSharmaMSFT-4262 edited

how we can set secure,HttpOnly and samesite attribute in ApplicationGatewayAffinity?

Is this an issue with Azure? Is there anything that needs to be configured on the web app to get this working, or perhaps I have to set the cookie in a different way?

is this cookie a third party cookie? or else if we can set this cookie normally can anyone explain? and when i inspect the code i have seen ApplicationGatewayAffinityCORS but i didnt found anything related to this cookie in source code (react and nodejs)can any one know about this ?

azure-application-gateway
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, @RanguShravaniMortgageQuality-7060

I want to simplify what you are having trouble with so that we can support you.
First of all, please tell us "the behavior you expect" and "the current behavior (not expected)".

0 Votes 0 ·

My question is how we can set secure,httponly,samesite attribute in applicationgatewayaffinity cookie by using nodejs/reactjs?
is this cookie a thirdparty cookie can we set in our source code ? if it is a third party cookie how can we enable?

0 Votes 0 ·

Hello @RanguShravaniMortgageQuality-7060 ,

As mentioned by @ryanchill, you can change SameSite attribute and the cookie name but the cookie has to be sent over HTTPS.

For more information, please refer : https://docs.microsoft.com/en-us/answers/questions/226793/index.html

This feature is currently under review by the Product Group team. You can upvote the feature in the below feedback forum.
https://feedback.azure.com/d365community/idea/2d6fdc7f-8426-ec11-b6e6-000d3a4f0789

Kindly let us know if the below helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·

1 Answer

ryanchill avatar image
0 Votes"
ryanchill answered RanguShravaniMortgageQuality-7060 commented

I don't believe this scenario is supported @RanguShravaniMortgageQuality-7060, but I think Application Gateway HTTP settings configuration is the documentation you're looking for. The following note in the doc states:

Note
If the attribute SameSite=None is set, it is mandatory that the cookie also contains the Secure flag, and must be sent over HTTPS. If session affinity is required over CORS, you must migrate your workload to HTTPS. Please refer to TLS offload and End-to-End TLS documentation for Application Gateway here – Overview, Configure an application gateway with TLS termination using the Azure portal, Configure end-to-end TLS by using Application Gateway with the portal.

According the doc, you can change SameSite attribute and the cookie name but the cookie has to be sent over HTTPS.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ryanchill : hi thanks for your response yes i have seen this document and i will try this one today

1 Vote 1 ·