This issue occurs because the ASP.NET Session State Cookie is set with SameSite = ‘Lax’ by default, which can cause unexpected behavior for ASP.NET-based applications when embedded in an iFrame.
With the release of the Microsoft KB4533011 patch, the ASP.NET Session State Cookie is now set with SameSite = ‘Lax’. This controls how the cookies associated with the site creating the cookie are restricted to allow the site to determine how cookies will behave across sites. Within the OnBase Web Server, the SameSite attribute for the cookies created by the OnBase Web Server is controlled using the cookieSameSite attribute of the sessionState key in the Web Server web.config file. By default, the setting is set to Lax.
To resolve this issue, modify the Web Server’s web.config file and set the cookieSameSite setting to a value of None.