Feb 27, 2020
Jan 21, 2021
Closed, Fixed and tested
ASP.NET automatically sets the SameSite=None attribute for a cookie sent from a client (generated HttpCookie instances). Forms updates the cookie instance and sends it back to client.
However, with browsers that support the cookie's SameSite attribute (2019 draft), if we have cookie with the SameSite=None and the attribute Secure is not set (the connection also has to be secure if Secure is set - with proper SSL certificate), the cookie is rejected (not updated) in browser.