最新chrome浏览器调试出现,20200905调试出现
进入website: chrome://flags
选择 Cookies without SameSite must be secure 将其改为Disabled
前端为vue,其实是浏览器策略升级,所以这里前端我没有改东西,系统内部使用;
但是后期系统给了外部查看时,这个问题不可避免,然后,,,就改后端咯:
我使用的asp.net core3.1写的后台,所以:
1,在startup , ConfigureServices注入依赖:
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None;
});
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.IsEssential = true;
});
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromSeconds(60 * 60 * 24);
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.IsEssential = true;
});
我使用的mvc下的session机制来保留用户状态的;
2,配置请求通道,在Configure中使用
app.UseCookiePolicy();
app.UseAuthentication();
最后著名官方文档:https://docs.microsoft.com/zh-cn/aspnet/core/security/samesite?view=aspnetcore-2.2
网友评论