Asp net core razor unable to set cookies when using apache as reverse proxy


ASP.NET is a popular programming language used for building web applications. It provides a framework for dynamic websites and web services. One common issue that developers face is the inability to set cookies when using Apache as a reverse proxy with ASP.NET Core . In this article, we will explore this problem and provide a solution with examples.

The Problem

When using Apache as a reverse proxy with ASP.NET Core Razor, developers often encounter difficulties in setting cookies. This can be frustrating as cookies are an essential part of web applications for maintaining user sessions and storing user- data.

The Solution

To solve this problem, we need to configure Apache to forward the necessary to the ASP.NET Core application. This can be achieved by modifying the Apache configuration file.

Step 1: Modify Apache Configuration

Open the Apache configuration file (usually located at /etc/httpd/conf/httpd.conf or /etc/apache2/apache2.conf) and add the following lines:

ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

These lines configure Apache to forward requests to the ASP.NET Core application running on localhost:5000. The X-Forwarded-Proto and X-Forwarded-Port headers are set to indicate that the original request was made over HTTPS on port 443.

Step 2: Update ASP.NET Core Application

In your ASP.NET Core application, open the .cs file and add the following code to the ConfigureServices method:

This code configures the ASP.NET Core application to the X-Forwarded-Proto and X-Forwarded-Port headers received from the reverse proxy.

Step 3: Update Options

In the same Startup.cs file, add the following code to the Configure method:

app.UseCookiePolicy(new CookiePolicyOptions
    MinimumSameSitePolicy = SameSiteMode.None,
    Secure = true,
    HttpOnly = true

This code sets the MinimumSameSitePolicy to None, allowing cookies to be set from cross-site requests. The Secure and HttpOnly properties are set to true to that cookies are only sent over secure and cannot be accessed by client-side scripts.


By following these steps, you can solve the issue of ASP.NET Core Razor being unable to set cookies when using Apache as a reverse proxy. Configuring Apache to forward the necessary headers and updating the ASP.NET Core application to trust these headers and set the cookie options will ensure that cookies work correctly in your web application.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents