Browser won't set ASP.NET_SessionId cookie on payment gateway's post request to our site

Question

We\'re experiencing a weird problem with the payment process of our web application which results in loss of session data.

In this process, after our check-out page

Answer 1

I modified upon several SO answers to come up with this URL rewrite that adds SameSite=None to session cookies, and also remove SameSite=None from all cookies for most incompatible browsers. The aim of this rewrite is to preserve the "legacy" behaviour pre-Chrome 80.

Full write-up in my Coder Frontline blog:

This should work for most ASP .Net and ASP .Net Core applications, although newer Frameworks have proper code and config options to let you control this behaviour. I would recommend researching all the options available to you before using my rewrite above.