Empty Sessions in Azure Web Applications

As part of a recent project I needed to embed a Power BI Dashboard in a webpage, in order to authenticate access to this dashboard Azure AD authentication was used, this directs the user to the standard Microsoft login and they are then redirected back to the desired page afterwards. As part of this process I was storing a couple of variables in the browser session to indicate what controller the request had come from and then using accessing them after successful authentication to redirect to the desired location. While this worked fine when running locally it failed when deployed to Azure as the session was always empty.

It turns out this was to do with GDPR related cookie permissions as when the page is redirected to the Microsoft login screen the session on my site was being cleared as I hadn’t implemented a GDPR cookie dialog into my site.

The solution was to just avoid checking for cookie consent in the Startup.cs file allowing the session object to be persisted. This isn’t a good option for a live commercial site but for the internal demo nature of this site it was fine.

	
services.Configure<CookiePolicyOptions>(options =>
{
	// This lambda determines whether user consent for non-essential cookies is needed for a given request.
	options.CheckConsentNeeded = context => false // Changed from true;
	options.MinimumSameSitePolicy = SameSiteMode.None;
});
	

Leave a Reply

Your email address will not be published. Required fields are marked *