''' <summary>
''' Values of the SameSite cookie attribute, with the numeric value of each member.
''' </summary>
Public Enum SameSiteMode As Integer
    ' Unspecified = -1  ' Not declared as an enum member, but it does exist as a value.
    None = 0
    Lax = 1
    Strict = 2
End Enum
Imports System.Web
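Namespace Views
    ''' <summary>
    ''' Sample page that issues a cookie carrying SameSite=None on its first (non-postback) load.
    ''' </summary>
    Public Class TestPage
        Inherits System.Web.UI.Page

        ''' <summary>
        ''' On the initial request, adds a cookie flagged HttpOnly, Secure and SameSite=None
        ''' to the response. Postbacks leave the response untouched.
        ''' </summary>
        ''' <param name="sender">Event source (unused).</param>
        ''' <param name="e">Event data (unused).</param>
        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            If IsPostBack Then
                Return
            End If

            ' HttpCookie exposes no public parameterless constructor, so a name is required.
            ' "SampleCookie" is a constructed placeholder; use the application's own cookie name.
            ' Secure is kept together with SameSite=None: browsers that enforce the newer
            ' SameSite rules reject a SameSite=None cookie that is not also marked Secure.
            Dim cookie As New HttpCookie("SampleCookie") With {
                .HttpOnly = True,
                .Secure = True,
                .SameSite = System.Web.SameSiteMode.None
            }
            HttpContext.Current.Response.SetCookie(cookie)
        End Sub
    End Class
End Namespace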
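''' <summary>
''' Identifies browsers that mishandle the SameSite cookie attribute.
''' </summary>
''' <param name="userAgent">User-Agent header value of the request; may be Nothing or empty.</param>
''' <returns>
''' True when the user agent contains one of the substrings checked below;
''' False otherwise, including when no user agent was supplied.
''' </returns>
''' <remarks>
''' The User-Agent header is supplied by the client. Use the result only as a
''' compatibility hint for which cookie attributes to emit, never as a trust decision.
''' </remarks>
Public Shared Function DisallowsSameSiteNone(ByVal userAgent As String) As Boolean
    ' A request may arrive without a User-Agent header; calling Contains on Nothing
    ' would throw, so an absent value is treated as "no known incompatibility".
    If String.IsNullOrEmpty(userAgent) Then
        Return False
    End If

    ' iPhone and iPad user agents reporting OS 12.
    If userAgent.Contains("CPU iPhone OS 12") OrElse
       userAgent.Contains("iPad; CPU OS 12") Then
        Return True
    End If

    ' Safari on Mac OS X 10_14: all three markers must be present.
    If userAgent.Contains("Macintosh; Intel Mac OS X 10_14") AndAlso
       userAgent.Contains("Version/") AndAlso
       userAgent.Contains("Safari") Then
        Return True
    End If

    ' Chrome versions whose version string starts with 5 or 6.
    If userAgent.Contains("Chrome/5") OrElse
       userAgent.Contains("Chrome/6") Then
        Return True
    End If

    Return False
End Function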
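''' <summary>
''' Rewrites the SameSite attribute in the response's Set-Cookie header.
''' </summary>
''' <remarks>
''' Each "SameSite=Lax" in the Set-Cookie header value is replaced with "SameSite=None",
''' or removed when DisallowsSameSiteNone reports the requesting browser as incompatible.
''' The replacement runs over the whole header value and is not limited to the session cookie.
''' This method does not add the Secure attribute; browsers that enforce the newer SameSite
''' rules accept SameSite=None only on cookies that are also marked Secure.
''' </remarks>
Public Shared Sub SetSameSiteMode()
    Dim header As String = HttpContext.Current.Response.Headers.Item("Set-Cookie")
    If String.IsNullOrEmpty(header) Then
        ' No cookie is being set on this response; nothing to rewrite.
        Return
    End If

    Dim replacement As String = "SameSite=" & SameSiteMode.None.ToString()

    ' The User-Agent header may be absent; only consult the browser check when a
    ' value is present, so a header-less request cannot fail the response.
    Dim userAgent As String = HttpContext.Current.Request.UserAgent
    If Not String.IsNullOrEmpty(userAgent) AndAlso DisallowsSameSiteNone(userAgent) Then
        ' Incompatible browser: drop the attribute text instead of sending None.
        replacement = String.Empty
    End If

    HttpContext.Current.Response.Headers.Set("Set-Cookie", header.Replace("SameSite=Lax", replacement))
End Sub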
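''' <summary>
''' Application class that re-issues the session cookie on each request with an
''' adjusted SameSite value.
''' </summary>
Public Class Global_asax
    Inherits HttpApplication

    ''' <summary>
    ''' Integer values written to the cookie's SameSite property through reflection.
    ''' </summary>
    Enum SameSiteMode
        Undefined = -1
        None = 0
        Lax = 1
        Strict = 2
    End Enum

    ''' <summary>
    ''' Looks up the session cookie sent by the browser and, when it has a value,
    ''' sends it back with the SameSite value chosen by SetSameSite.
    ''' </summary>
    ''' <param name="sender">Event source (unused).</param>
    ''' <param name="e">Event data (unused).</param>
    Private Sub Application_BeginRequest(sender As Object, e As EventArgs) Handles Me.BeginRequest
        ' Session cookie name: the configured one when present, else the default below.
        Dim section As Object = ConfigurationManager.GetSection("system.web/sessionState")
        Dim sss As System.Web.Configuration.SessionStateSection = DirectCast(section, System.Web.Configuration.SessionStateSection)
        Dim cookieName As String = "ASP.Net_SessionId"
        If sss IsNot Nothing AndAlso Not String.IsNullOrEmpty(sss.CookieName) Then
            cookieName = sss.CookieName
        End If

        Dim cookie As HttpCookie = HttpContext.Current.Request.Cookies(cookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then
            Return
        End If

        ' The Cookie request header carries only name and value, so the object read from
        ' Request.Cookies no longer has the attributes the cookie was issued with.
        ' Re-sending it unchanged would replace the session cookie with one that script
        ' can read and that may travel over plain HTTP, so restore HttpOnly and mark the
        ' cookie Secure whenever this request itself arrived over a secure connection.
        ' NOTE(review): behind a TLS-terminating proxy IsSecureConnection may be False;
        ' confirm how the deployment reports HTTPS. SameSite=None without Secure is
        ' rejected by browsers that enforce the newer SameSite rules.
        cookie.HttpOnly = True
        cookie.Secure = HttpContext.Current.Request.IsSecureConnection

        Me.SetSameSite(cookie)
        HttpContext.Current.Response.SetCookie(cookie)
    End Sub

    ''' <summary>
    ''' Sets the cookie's SameSite property to None, or to Undefined (-1) when
    ''' DisallowsSameSiteNone reports the requesting browser as incompatible.
    ''' </summary>
    ''' <param name="cookie">Cookie to modify in place.</param>
    Private Sub SetSameSite(ByVal cookie As HttpCookie)
        ' The property is reached by name rather than through the typed member
        ' (presumably so this compiles where HttpCookie has no SameSite - confirm).
        ' GetProperty returns Nothing when the property does not exist; leave the
        ' cookie as it is in that case instead of failing every request.
        Dim pi As System.Reflection.PropertyInfo = cookie.GetType().GetProperty("SameSite")
        If pi Is Nothing Then
            Return
        End If

        ' The User-Agent header may be absent; only run the browser check on a real value.
        Dim userAgent As String = HttpContext.Current.Request.UserAgent
        Dim mode As SameSiteMode = SameSiteMode.None
        If Not String.IsNullOrEmpty(userAgent) AndAlso DisallowsSameSiteNone(userAgent) Then
            mode = SameSiteMode.Undefined
        End If

        pi.SetValue(cookie, Convert.ToInt32(mode))
    End Sub
End Class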
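<system.webServer>
  <rewrite>
    <outboundRules>
      <clear />
      <!-- Appends "; SameSite=None" to each Set-Cookie header selected by the
           WithoutSameSite precondition. The rule runs for every client regardless
           of User-Agent and does not add Secure: browsers that enforce the newer
           SameSite rules accept SameSite=None only on cookies that are also Secure,
           so the cookies this rule touches must already carry that attribute. -->
      <rule name="AddSameSite" preCondition="WithoutSameSite">
        <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
        <action type="Rewrite" value="{R:0}; SameSite=None" />
        <conditions>
        </conditions>
      </rule>
      <preConditions>
        <preCondition name="WithoutSameSite">
          <!-- Only responses that actually set a cookie. -->
          <add input="{RESPONSE_Set_Cookie}" pattern="." />
          <!-- Skip any cookie that already declares a SameSite value (Lax, Strict or
               None). Excluding only Lax would append SameSite=None after an explicit
               Strict or None, producing a conflicting or duplicated attribute. -->
          <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=" negate="true" />
        </preCondition>
      </preConditions>
    </outboundRules>
  </rewrite>
</system.webServer>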