SameSiteMode Enum
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Specifies constants that indicate the value for the SameSite attribute of the cookie.
public enum class SameSiteMode
public enum SameSiteMode
type SameSiteMode =
Public Enum SameSiteMode
Fields
Name | Value | Description |
---|---|---|
None | 0 | The cookie will be sent with all requests (see remarks). |
Lax | 1 | The cookie will be sent with "same-site" requests, and with "cross-site" top level navigation. |
Strict | 2 | When the value is Strict the cookie will only be sent along with "same-site" requests. |
Remarks
The behavior of None was modified by updates described in KB article 4531182 and KB article 4524421.
Without these updates, the None value does not emit the SameSite cookie header. This conforms to https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1.
After these updates have been applied, the None value emits the SameSite=None cookie header. This new behavior conforms to https://tools.ietf.org/html/draft-west-cookie-incrementalism-00. As part of this change, FormsAuth and SessionState cookies will be issued with SameSite = Lax instead of the previous default of None, though these values can be overridden in web.config.
On systems where these updates have been applied, you can specify the previous behavior by setting the SameSiteMode to (SameSiteMode)(-1). You can specify this behavior using the string Unspecified in web.config.
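The following added example (not part of the original reference page) shows the enum applied to an HttpCookie, including the (SameSiteMode)(-1) value from the Remarks. The class and method names are hypothetical, and the code assumes .NET Framework 4.7.2 or later with the updates named above installed.

```csharp
using System;
using System.Web;

// Hypothetical helper; names are illustrative and not part of System.Web.
public static class SameSiteCookieHelper
{
    // The Remarks' "previous behavior" value: no SameSite attribute is emitted.
    // Its web.config spelling is "Unspecified".
    public static readonly SameSiteMode Unspecified = (SameSiteMode)(-1);

    // Models the attribute text a patched system emits for each mode,
    // following the Fields table and Remarks. Returns "" when nothing is emitted.
    public static string EmittedAttribute(SameSiteMode mode)
    {
        switch (mode)
        {
            case SameSiteMode.None:   return "SameSite=None";
            case SameSiteMode.Lax:    return "SameSite=Lax";
            case SameSiteMode.Strict: return "SameSite=Strict";
            default:                  return string.Empty; // (SameSiteMode)(-1)
        }
    }

    // Builds a cookie with an explicit SameSite mode instead of relying on
    // the platform default, which changed with the updates.
    public static HttpCookie Create(string name, string value, SameSiteMode mode)
    {
        // Reject arbitrary casts; only the three named values and -1 are meaningful.
        if (!Enum.IsDefined(typeof(SameSiteMode), mode) && mode != Unspecified)
            throw new ArgumentOutOfRangeException(nameof(mode));

        return new HttpCookie(name, value)
        {
            HttpOnly = true,
            // The cookie-incrementalism draft cited in the Remarks requires
            // Secure on cookies that assert SameSite=None; set it for every mode.
            Secure = true,
            SameSite = mode
        };
    }

    // Adds the cookie to the response being built.
    public static void Issue(HttpResponseBase response, string name, string value, SameSiteMode mode)
    {
        if (response == null) throw new ArgumentNullException(nameof(response));
        response.Cookies.Add(Create(name, value, mode));
    }
}
```

Prefer Lax or Strict for cookies that carry authentication or session state, and reserve None for cookies that must accompany cross-site requests.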