Skip to content

Commit 3c330fa

Browse files
surajmbsurajmb
authored
Update FAQ for SameSite
Update FAQ for SameSite
1 parent 1823f78 commit 3c330fa

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

articles/application-gateway/application-gateway-faq.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -405,6 +405,9 @@ But if you'd like to use Application Gateway V2 with only private IP, you can fo
405405
Sample NSG configuration for private IP only access:
406406
![Application Gateway V2 NSG Configuration for private IP access only](./media/application-gateway-faq/appgw-privip-nsg.png)
407407

408+
### Does Application Gateway affinity cookie support SameSite attribute?
409+
Yes, the [Chromium browser](https://www.chromium.org/Home) [v80 update](https://chromiumdash.appspot.com/schedule) introduced a mandate on HTTP cookies without SameSite attribute to be treated as SameSite=Lax. This would mean that the Application Gateway affinity cookie won't be sent by the browser in a third-pary context.
410+
To support this scenario, Application Gateway will be injecting another cookie called “ApplicationGatewayAffinityCORS” in addition to the existing ApplicationGatewayAffinity cookie, which is similar, but this cookie will now have two more attributes “SameSite=None; Secure” added to it so that sticky session can be maintained even for cross-origin requests. See [cookie based affinity section](configuration-overview.md#cookie-based-affinity) for more information.
408411

409412
## Next steps
410413

0 commit comments

Comments
 (0)