Microsoft ASP.NET will now emit a SameSite cookie header when HttpCookie.SameSite value is “None” to accommodate upcoming changes to SameSite cookie handling in Chrome. As part of this change, FormsAuth and SessionState cookies will also be issued with SameSite = ‘Lax’ instead of the previous default of ‘None’, though these values can be overridden in web.config.
You have to set the cookieSameSite= “None” in the session state tag to avoid this issue. I have tried this and working well.
<system.web> <sessionState cookieSameSite="None" cookieless="false" timeout="360"> </sessionState> </system.web>