6

Session cookies are being set on Chrome, FireFox and even IE but not on Edge

The browser version is Microsoft Edge 42.17134.1.0

DotNet core version is 2.1

and the following information is used in my startup.cs file

 public void ConfigureServices(IServiceCollection services) {
  services.Configure < CookiePolicyOptions > (options => {
   options.CheckConsentNeeded = context => false;
   options.MinimumSameSitePolicy = SameSiteMode.None;
  });

  services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddJsonOptions(options => {
   options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver();
  }).AddSessionStateTempDataProvider();

  services.AddDistributedMemoryCache();

  services.AddSession(o => {
   o.IdleTimeout = TimeSpan.FromMinutes(80);
   o.Cookie.HttpOnly = true;
   o.Cookie.Name = "my-session-cookie";

  });
 }

 public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
  if (env.IsDevelopment()) {
   app.UseDeveloperExceptionPage();
  } else {
   app.UseExceptionHandler("/Error");
   app.UseHsts();
  }

  app.UseHttpsRedirection();
  app.UseStaticFiles();
  app.UseCookiePolicy();
  app.UseSession();

  app.UseSpaStaticFiles();

  app.UseMvc(routes => {
   routes.MapRoute(
    name: "default",
    template: "{controller}/{action=Index}/{id?}");
  });

  app.UseSpa(spa => {
   spa.Options.SourcePath = "ClientApp";

   if (env.IsDevelopment()) {
    spa.UseReactDevelopmentServer(npmScript: "start");
   }
  });
 }

Here are some of the things I've tried out so far:

  • Adding the IsEssential condition to session options
  • Removing CookiePolicyOptions and UseCookiePolicy
  • Attempting to add an expiration date to the session cookie (didn't even start the solution)
Chriss Hd
  • 584
  • 4
  • 15
  • Just by chance, are you trying setting the cookie after a new tab/windows has been opened by Edge? – Paul Cream Mar 22 '19 at 15:37
  • @PaulCream No, the session cookie should be set directly on the application start just a FYI, I found what the problem was and i'll post an answer – Chriss Hd Mar 30 '19 at 17:43

2 Answers2

7

Using fetch on Edge is causing the set-cookie header to not set a cookie on the browser

The solution was to add credentials: "same-origin" to the fetch options object

DOT NOT ADD IT TO THE HEADER

Quotes from HERE

By default, fetch won't send or receive any cookies

That means your have add the credentials object to it so it can set those cookies

Since Aug 25, 2017. The spec changed the default credentials policy to same-origin.

I guess Edge have not implemented that default yet

Here's an example of a working fetch

fetch(link, {
  body: JSON.stringify(myDataObject),
  method: "POST",
  credentials: "same-origin",
  headers: {
    "content-type": "application/json"
  }
});
Chriss Hd
  • 584
  • 4
  • 15
0

Open the Edge setting and click the "Advanced settings", under Cookies section, select "Under Cookies section" option, then re-test your application.

If still not working, try to reset your browser configuration to default and test your website again.

Zhi Lv
  • 18,845
  • 1
  • 19
  • 30