ASP.NET Webforms application cookies are not working anymore within canvas - Facebook canvas

Question

Edit 2 : Actually it is working now but not in chrome incognito mode

Edit : I tried these below and still not working

  <system.web>
  <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="false" timeout="60" cookieSameSite="None"  />
<compilation debug="true" targetFramework="4.8">

I have ASP.NET 4.8 Webforms application

You can access from here to test : https://www.monstermmorpg.com/

It uses session state and cookies

Previously my app was working as a canvas app inside facebook

e.g. url : https://apps.facebook.com/monster-mmorpg-game/

Currently you cant test it since facebook disabled due to not being worked

It is not working because it is not able to set any cookies

Let me show. As you see in the below picture, no cookies is set for my domain. However previously exact same setup was working. I assume some policy/security update at browsers broken this or something else maybe.

And here below you see how regular cookies are set in the regular browsing

So how can I fix this cookie issue?

Here my webconfig file

    <?xml version="1.0" encoding="utf-8"?>
<configuration>
    <configSections>
        <section name="ajaxControlToolkit" type="AjaxControlToolkit.AjaxControlToolkitConfigSection, AjaxControlToolkit" />
    </configSections>
    <appSettings>
        <add key="aspnet:RequestQueueLimitPerSession" value="5000"/>
    </appSettings>
  <location path="~/WeeklyEventsProcess.aspx">
    <system.web>
      <httpRuntime executionTimeout="600" />
      <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/Error404.aspx">
        <error statusCode="404" redirect="~/Error404.aspx" />
      </customErrors>
    </system.web>
  </location>
  <connectionStrings />
  <!--
    For a description of web.config changes for .NET 4.5 see http://go.microsoft.com/fwlink/?LinkId=235367.

    The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.5" />
      </system.Web>
  -->
  <system.web>
    <sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="false" timeout="60" />
    <compilation debug="true" targetFramework="4.8">
      <assemblies>
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <add assembly="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
    <httpRuntime targetFramework="4.7.2" />
    <trust level="Full" />
    <authentication mode="Windows" />
    <pages validateRequest="true" viewStateEncryptionMode="Never" enableViewStateMac="true" enableSessionState="true" controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID" maxPageStateFieldLength="512" enableEventValidation="false">
      <controls>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
      </controls>
    </pages>
    <httpModules />
    <globalization culture="en-US" uiCulture="en-US" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="Custom">
      <remove statusCode="404" />
      <error statusCode="404" path="/Error404.aspx" responseMode="ExecuteURL" />
    </httpErrors>
    <modules runAllManagedModulesForAllRequests="false" />
    <staticContent>
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
    </staticContent>
  </system.webServer>
  <system.web.extensions>
    <scripting>
      <scriptResourceHandler enableCompression="true" enableCaching="true" />
    </scripting>
  </system.web.extensions>
  <runtime>
    <gcServer enabled="true" />
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="HtmlAgilityPack" publicKeyToken="bd319b19eaf3b43a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.8.10.0" newVersion="1.8.10.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <ajaxControlToolkit htmlSanitizer="AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer, AjaxControlToolkit.HtmlEditor.Sanitizer" />
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
    </compilers>
  </system.codedom>
</configuration>