...
<configuration>
:
<system.web>
:
<httpCookies ... requireSSL="true" />
:
</system.web>
:
</configuration>
Enable SameSite flag
To enable the SameSite flag on cookies, the Web.config needs to be extended with a rewrite rule. To use rewriting within IIS, the URL Rewrite component needs to be installed. More information can be found here: IIS Rewrite module.
After this component is installed, add the following configuration to the system.webServer section.
<configuration>
:
<system.webServer>
:
<rewrite>
<outboundRules>
<!-- Append "; SameSite=strict" to each Set-Cookie header that passes the precondition -->
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=strict" />
</rule>
<preConditions>
<!-- Passes only when a Set-Cookie header is present and does not already contain "; SameSite=strict" -->
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=strict" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
:
</configuration>
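The following is an added example, not part of the original page or of IIS: a small Python model of the "Add SameSite" rule plus an audit of the resulting Set-Cookie values. It shows that a cookie the application already marks `SameSite=Lax` ends up with two SameSite attributes. The function names and sample headers are constructed for illustration, and the model assumes URL Rewrite's default case-insensitive pattern matching.

```python
import re

# Model of the precondition pattern from the rule above. Assumption: URL Rewrite
# matches patterns case-insensitively by default.
_HAS_STRICT = re.compile(r"; SameSite=strict", re.IGNORECASE)


def apply_rule(set_cookie: str) -> str:
    """Mimic 'Add SameSite': append unless '; SameSite=strict' is already present."""
    if set_cookie and not _HAS_STRICT.search(set_cookie):
        return set_cookie + "; SameSite=strict"
    return set_cookie


def audit(set_cookie: str) -> list:
    """Return a list of findings for one Set-Cookie header value."""
    name_value, *attrs = [p.strip() for p in set_cookie.split(";")]
    name = name_value.split("=", 1)[0]
    flags = [a.split("=", 1)[0].lower() for a in attrs if a]
    samesite = [a.split("=", 1)[1].strip().lower()
                for a in attrs if a.lower().startswith("samesite=")]
    findings = []
    if "secure" not in flags:
        findings.append(f"{name}: missing Secure (requireSSL not applied?)")
    if not samesite:
        findings.append(f"{name}: missing SameSite")
    elif len(set(samesite)) > 1:
        findings.append(f"{name}: conflicting SameSite values {samesite}")
    return findings


# Constructed sample headers, not captured from a real server.
SAMPLES = [
    "ASP.NET_SessionId=abc123; path=/; secure; HttpOnly",
    "pref=dark; path=/; secure; SameSite=Strict",
    "sso=xyz; path=/; secure; SameSite=Lax",
    "legacy=1; path=/",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rewritten = apply_rule(raw)
        print(rewritten)
        for finding in audit(rewritten):
            print("  !", finding)
```

The same `audit` function can be pointed at Set-Cookie values copied from a real response to confirm that both the `requireSSL` setting and the rewrite rule took effect.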