It's super important to set the SameSite attribute on our cookies, so that our DNN content can be used / embedded in other websites. These steps are based on the Microsoft SameSite docs.

Prerequisites: .NET 4.8

  1. Before you start, do make sure you understand the goals.
  2. The .NET 4.8 patches from December 2019 or later must be installed on the web server.
    Previous versions incl. 4.7 have various bugs related to the SameSite cookie, so it's never really going to work.

Changes to web.config

  1. Increase the ASP.NET version to 4.8
    <system.web>
      <compilation targetFramework="4.8"/>
      <httpRuntime targetFramework="4.8"/>
    </system.web>
  2. Adapt <httpCookies> settings in <system.web> like this
    <system.web>
    <httpCookies sameSite="None" requireSSL="true" />
    </system.web>
  3. Update the <forms> key in the <authentication> settings in <system.web> like this
    <forms ... cookieSameSite="None" requireSSL="true"/>
  4. Optionally also adapt cookies for anonymousIdentification and forms-authentication (see details). sessionState and roleManager are usually not relevant.
  5. Add app-setting to enable pre-4.5 JavaScript-Validation behavior.
    Note: In DNN 9 this is usually already set!
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
    (Details)
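
A quick way to confirm that a web.config carries all of the settings from the steps above, as an added example (not part of the original instructions or of DNN). The function name `check_samesite_config` and the sample config are constructed for illustration. requireSSL is checked alongside sameSite because current browsers reject SameSite=None cookies that are not marked Secure.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from a real site). The forms "name"
# value and authentication mode are placeholders for illustration.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
  <system.web>
    <compilation targetFramework="4.8" />
    <httpRuntime targetFramework="4.8" />
    <httpCookies sameSite="None" requireSSL="true" />
    <authentication mode="Forms">
      <forms name=".EXAMPLE" cookieSameSite="None" requireSSL="true" />
    </authentication>
  </system.web>
</configuration>"""

# (element path below <system.web>, attribute, expected value) per step above
EXPECTED = [
    ("compilation", "targetFramework", "4.8"),
    ("httpRuntime", "targetFramework", "4.8"),
    ("httpCookies", "sameSite", "None"),
    ("httpCookies", "requireSSL", "true"),
    ("authentication/forms", "cookieSameSite", "None"),
    ("authentication/forms", "requireSSL", "true"),
]
VALIDATION_KEY = "ValidationSettings:UnobtrusiveValidationMode"

def check_samesite_config(xml_text):
    """Return a list of findings; an empty list means every setting matches."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, attr, want in EXPECTED:
        node = root.find("system.web/" + path)
        got = None if node is None else node.get(attr)
        # Compare case-insensitively so "True" and "true" are treated alike.
        if got is None or got.lower() != want.lower():
            findings.append(f"<{path}> {attr}: expected {want!r}, found {got!r}")
    setting = root.find(f"appSettings/add[@key='{VALIDATION_KEY}']")
    if setting is None or setting.get("value") != "None":
        findings.append(f"appSettings {VALIDATION_KEY}: expected 'None'")
    return findings

if __name__ == "__main__":
    for line in check_samesite_config(SAMPLE_WEB_CONFIG) or ["all settings match"]:
        print(line)
```

To check a real site, pass the contents of its web.config to `check_samesite_config` instead of the sample string.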