Response cookies Append inconsistently applies SameSite default

Question

Response cookies Append inconsistently applies SameSite default

Tratcher opened this issue 8 years ago · 1 comments

The two Append overloads have inconsistent behavior for the samesite property that was added in 2.0.

                context.Response.Cookies.Append("Name1", "Value1");
                context.Response.Cookies.Append("Name2", "Value2", new CookieOptions());

Set-Cookie:Name1=Value1; path=/
Set-Cookie:Name2=Value2; path=/; samesite=lax

The two overloads should have the same defaults.

I noticed because we're making changes to CookiePolicy for http://github.com/aspnet/Security/issues/1561 and adding it to the templates. This will have the side-effect of causing the Append API to consistently use the second overload's behavior.

Answer 1 · 2018-01-02T02:06:44.000Z

This issue was moved to dotnet/aspnetcore#2675