SameSite is a 2016 extension to HTTP cookies intended to mitigate cross site request forgery CSRF. The original design as was a feature web sites would opt into by adding the new parameters, not setting the SameSite property, or setting it to value of Laxindicated the cookie should be sent on navigation within the same site, or through GET navigation to your site from other sites. A value of Strict limited the cookie to requests only from the same site. .NET 4.7.2 and ASP.NET Core 2.0 added...

Read the full article at ASP.NET Team