You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Dec 13, 2018. It is now read-only.
Sortof. HttpContext.Response.Cookies.Append and HttpContext.Response.Headers.Append can both be used to set a set-cookie header. Note you could also do this in Asp.Net 4. The difference between 4 and Core is that in Core the headers are the source of truth, where in 4 there was a cookies collection that would overwrite the headers just before sending the response.
Because the CookieAuthentication middleware does it's own cookie-writing manually (see https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs), the CookiePolicy middleware can't affect it. This is easily seen by doing something like this in your Startup.cs
CookiePolicy works by replacing the
IResponseCookiesFeature
, but CookieAuth sets the header manually so it ignores the policy.The text was updated successfully, but these errors were encountered: