SameSiteMode Enum

Definition

Specifies constants that indicate the value for the SameSite attribute of the cookie.

public enum class SameSiteMode
public enum SameSiteMode
type SameSiteMode = 
Public Enum SameSiteMode
Inheritance
SameSiteMode

Fields

Lax 1

The cookie will be sent with "same-site" requests, and with "cross-site" top level navigation.

None 0

The cookie will be sent with all requests (see remarks).

Strict 2

When the value is Strict the cookie will only be sent along with "same-site" requests.

Remarks

The behavior of None was modified by updates described in KB article 4531182 and KB article 4524421.

Without these updates, the None value does not emit the SameSite cookie header. This conforms to https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1.

After these updates have been applied, the None value emits the SameSite=None cookie header. This new behavior conforms to https://tools.ietf.org/html/draft-west-cookie-incrementalism-00. As part of this change, FormsAuth and SessionState cookies will be issued with SameSite = Lax instead of the previous default of None, though these values can be overridden in web.config.

On systems where these updates have been applied, you can specify the previous behavior by setting the SameSiteMode to (SameSiteMode)(-1). You can specify this behavior using the string Unspecified in web.config.
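
The following added example (not part of the original page, and not Microsoft's code) shows how the post-update values map to the emitted attribute and how a cookie collection can be checked for values that leave cross-site handling to the browser. The class and method names are hypothetical; it assumes a .NET Framework project referencing System.Web with the updates above applied.

```csharp
// Added example, not Microsoft's code. Class and method names are hypothetical.
// Assumes .NET Framework (System.Web) with the KB updates from the remarks applied.
using System;
using System.Collections.Generic;
using System.Web;

public static class SameSiteCookieAudit
{
    // The value the remarks call "Unspecified" in web.config.
    private const SameSiteMode Unspecified = (SameSiteMode)(-1);
    // Attribute emitted for each value once the updates are applied.
    public static string EmittedAttribute(SameSiteMode mode)
    {
        switch (mode)
        {
            case SameSiteMode.Strict: return "SameSite=Strict";
            case SameSiteMode.Lax:    return "SameSite=Lax";
            case SameSiteMode.None:   return "SameSite=None";
            case Unspecified:         return "(no SameSite attribute)";
            default: throw new ArgumentOutOfRangeException(nameof(mode));
        }
    }

    // Flags cookies with no SameSite attribute, or with SameSite=None but no Secure flag.
    public static List<string> Audit(HttpCookieCollection cookies)
    {
        var findings = new List<string>();
        for (int i = 0; i < cookies.Count; i++)
        {
            HttpCookie c = cookies[i];
            if (c.SameSite == Unspecified)
                findings.Add(c.Name + ": no SameSite attribute, browser default applies");
            else if (c.SameSite == SameSiteMode.None && !c.Secure)
                findings.Add(c.Name + ": SameSite=None without Secure");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample cookies.
        var cookies = new HttpCookieCollection();
        cookies.Add(new HttpCookie("session", "x") { SameSite = SameSiteMode.Lax, Secure = true });
        cookies.Add(new HttpCookie("embed", "y") { SameSite = SameSiteMode.None });
        cookies.Add(new HttpCookie("legacy", "z") { SameSite = Unspecified });
        foreach (string finding in Audit(cookies)) Console.WriteLine(finding);
    }
}
```

The Secure check reflects the incrementalism draft cited above, under which a SameSite=None cookie that is not marked Secure is rejected.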

Applies to