.AspNet.Litium Is not set in CORS requests

Hi, when calling an web api that uses _loginService.Login() to log in the user, the set cookie header for the .AspNet.Litium cookie is not present in the response. But if i call the same endpont form the same domain, the set-cookie is there.

Where is this cookie set?
Is there a security check somewhere? Also, if i want to change the SameSite or Secure setting on this cookie, where should i do this?

Thanks

Litium version: 7.6

To answer your second question. Depending on version of litium or rather asp.net you can do it from web.config or via url-rewrite.
If you have older version of litium with older version of .net you can’t do it from web.config.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.