Share via

SameSiteMode Enum


Specifies constants that indicate the value for the SameSite attribute of the cookie.

public enum class SameSiteMode
public enum SameSiteMode
type SameSiteMode = 
Public Enum SameSiteMode


Lax 1

The cookie will be sent with "same-site" requests, and with "cross-site" top level navigation.

None 0

The cookie will be sent with all requests (see remarks).

Strict 2

When the value is Strict the cookie will only be sent along with "same-site" requests.


The behavior of None was modified by updates described in KB article 4531182 and KB article 4524421.

Without these updates, the None value does not emit the SameSite cookie header. This conforms to https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1.

After these updates have been applied, the None value emits the SameSite=None cookie header. This new behavior conforms to https://tools.ietf.org/html/draft-west-cookie-incrementalism-00. As part of this change, FormsAuth and SessionState cookies will be issued with SameSite = Lax instead of the previous default of None, though these values can be overridden in web.config.

On systems where these updates have been applied, you can specify the previous behavior by setting the SameSiteMode to (SameSiteMode)(-1). You can specify this behavior using the string Unspecified in web.config.

Applies to