Rework CookieAuth for compat with CookiePolicy.

[Tratcher]

#814 @anurse @HaoK @muratg

Change ChunkingCookieManager from appending raw headers to appending via the response cookies API. Here are a few side effects:

• Removed the key & value encoding. The lower level will handle this and most of the time no encoding is required. Worst case we loose a little bit of length precision and devs need to lower ChunkSize accordingly.
• Removed the quote handling. Cookie auth never uses quotes.
• Change the format of the first cookie from key=chunks:2 to key=chunks-2. : would be escaped by the response cookies API.

[dnfclas]

Hi @Tratcher, I'm your friendly neighborhood .NET Foundation Pull Request Bot (You can call me DNFBOT). Thanks for your contribution!
You've already signed the contribution license agreement. Thanks!

The agreement was validated by .NET Foundation and real humans are currently evaluating your PR.

TTYL, DNFBOT;

[HaoK]

[analogrelay]

[kevinchalet]

I wonder why the cookie manager is not part of a more general repository like HttpAbstractions. It's not really specific to authentication cookies, actually.

[Tratcher]

That's what we thought in Katana, but then nobody else ever used it.

[Tratcher]

Hmm, this format change will break interop with Katana. However the ICookieManager could be replaced there to read the modified format. @HaoK is this a problem for the interop work you did?

[HaoK]

Did you change the TicketSerializer?

[Tratcher]

No, I changed the format of the first cookie from key=chunks:2 to key=chunks-2 because the : would be escaped by the response cookies API.

[HaoK]

Well I guess if katana is broken by definition the cookie interop will be as well regardless.

[Tratcher]

Should I add a compatible cookie manager to the interop package?

[kevinchalet]

Should I add a compatible cookie manager to the interop package?

If you want to bring back a dependency on the OWIN cookies package, that would be great to do that in a separate package (something like Microsoft.Owin.Security.Cookies.Interop).

[HaoK]

Is cookie chunking on by default?

On Wed, May 25, 2016 at 11:03 AM, Chris R [email protected] wrote:

Should I add a compatible cookie manager to the interop package?

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#843 (comment)

[Tratcher]

Yes, chunking is on by default, but it only takes effect if the cookie is over 4kb. This happens pretty often for OIDC.

[HaoK]

A cookie interop package is good since it would be a better home for the extensions methods needed for cookie data protection sharing than the Identity compat package.

[Tratcher]

Updated. I was able to add a compatible ChunkingCookieManager to the interop package without adding any dependencies because the old interface was in the Microsoft.Owin package.

[kevinchalet]

I was able to add a compatible ChunkingCookieManager to the interop package without adding any dependencies because the old interface was in the Microsoft.Owin package.

Nice 👍

[HaoK]

Nice