Develop Reference

Send Forms Authentication Cookie with explicit samesite=none

I have been able to do this transition for the session cookie but not for the login cookie
and I have the following web.config
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
if I change cookieSameSite="None" to cookieSameSite="Lax" or strict. I can see that the change takes place, but it seems to still have the old behavior of not emiting the samesite value when set to None
I'm using .net framework 4.7.2 and have installed the server update that allowed me to do the session with samesite=none

turn out I was missing sameSite="None" <httpCookies
so now I have : <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>

How can I get the value of forms loginurl at runtime?

I have this in my web.config:
...
<system.web>
<sessionState mode="InProc" timeout="30" cookieless="UseCookies" />
<authentication mode="Form">
<forms loginUrl="http://myurl" path="/" cookieless="UseCookies" slidingExpiration="true" requireSSL="true" />
</authentication>
...
How can I get the value of loginurl at runtime?

System.Web.Security.FormsAuthentication.LoginUrl
Gets the URL for the login page that the FormsAuthentication class
will redirect to.
Details at MSDN.

my site (ASP.NET webForm ) log out with out user request

my site (ASP.NET webForm ) log out with out user request , user forced to login page and interrupt his work ? please advice ...
this line from my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880" />
</authentication>

Try increasing the Session timeout value, by default this is 30 minutes.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="3000" />
</system.web>

.ASPXAUTH exprires so soon

I have these on my web.config of my root directory
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="60"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
But .ASPXAUTH cleared so soon (5 minutes I guess).
What is the probable reason?

Very often, it is because you rebuild the solution. The web server restarts and machineKey are regenerated.
So the cookie encrypted and signed by previous machineKey is invalid.
That's why you are forced to log out.
Here is a quick one for you.
https://stackoverflow.com/a/436053/280970

Session state timeout parameter issue

I am trying to set the timeout parameter of session state but it doesnt time out.
<sessionState mode="InProc" timeout="1"></sessionState>
I am refreshing the page after 1 minute and I still the session state value.
Why?

Use this way (if in case you are using FA as well)
<system.web>
<authentication mode="Forms">
<forms timeout="1"/>
</authentication>
<sessionState timeout="1" />
</system.web>

<system.web>
<authentication mode="Forms">
<forms timeout="1"/>
</authentication>
<sessionState timeout="1" />
</system.web>
you welcome

The MSDN says it shouldn't be lower then 4 minutes. Refer to the following it might help:
http://justgeeks.blogspot.com/2008/07/aspnet-session-timeouts.html