Bind the cookie to ITlsTokenBindingFeature

[aspnet-hello]

From @Tratcher on Friday, April 29, 2016 1:19:33 PM

If the cookie is marked as Secure (aspnet/Session#106), bind it to the TLS token (https://github.com/aspnet/Security/issues/773, https://github.com/aspnet/IISIntegration/issues/31)

Copied from original issue: aspnet/Session#110

[aspnet-hello]

From @Tratcher on Wednesday, September 21, 2016 4:16:38 PM

@muratg this should be backlogged, the underlying infrastructure from IIS, WebListener, and Kestrel.Https isn't ready.

[brockallen]

I know this has mainly fizzled due to chrome, but if/when this is enabled, you will need to keep in mind that the Katana cookie and data protection integration will also need to do the same to ensure cookies issued by ASP.NET Core with the binding can be consumed by the Katana cookie handler (and vice versa). // @blowdart @Tratcher

[Tratcher]

@blowdart also closing this one as indefinitely blocked.