Skip to content

Commit 8fd140e

Browse files
surajmbsurajmb
authored
Fixed a grammatical error
Fixed a grammatical error
1 parent 0df4586 commit 8fd140e

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/application-gateway/configuration-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -254,7 +254,7 @@ This feature is useful when you want to keep a user session on the same server a
254254

255255
The [Chromium browser](https://www.chromium.org/Home) [v80 update](https://chromiumdash.appspot.com/schedule) brought a mandate where HTTP cookies without [SameSite](https://tools.ietf.org/id/draft-ietf-httpbis-rfc6265bis-03.html#rfc.section.5.3.7) attribute has to be treated as SameSite=Lax. In case of CORS (Cross-Origin Resource Sharing) requests, if the cookie has to be sent in a third-party context, it has to use “SameSite=None; Secure” attributes and it should be sent over HTTPS only. Otherwise, in a HTTP only scenario, the browser won’t send the cookies in the third-party context. The goal of this update from Chrome is to enhance security and to avoid Cross-Site Request Forgery (CSRF) attacks.
256256

257-
To support this change, starting February 17th 2020, Application Gateway (all the SKU types) would be injecting another identical cookie called **ApplicationGatewayAffinityCORS** in addition to the existing **ApplicationGatewayAffinity** cookie, which is similar, but this cookie will now have two more attributes **"SameSite=None; Secure"** added to it so that sticky session can be maintained even for cross-origin requests.
257+
To support this change, starting February 17th 2020, Application Gateway (all the SKU types) would be injecting another cookie called **ApplicationGatewayAffinityCORS** in addition to the existing **ApplicationGatewayAffinity** cookie, which is similar, but this cookie will now have two more attributes **"SameSite=None; Secure"** added to it so that sticky session can be maintained even for cross-origin requests.
258258

259259
Please note that the default affinity cookie name is *ApplicationGatewayAffinity* and this can be changed by the users. In case you are using a custom affinity cookie name, an additional cookie will be added with CORS as suffix, for example, *CustomCookieNameCORS*.
260260

0 commit comments

Comments
 (0)