CookieAuthenticationOptions.Cookie Property


Determines the settings used to create the cookie.

SameSite defaults to Lax. HttpOnly defaults to true. SecurePolicy defaults to SameAsRequest.

 property Microsoft::AspNetCore::Http::CookieBuilder ^ Cookie { Microsoft::AspNetCore::Http::CookieBuilder ^ get(); void set(Microsoft::AspNetCore::Http::CookieBuilder ^ value); };
public Microsoft.AspNetCore.Http.CookieBuilder Cookie { get; set; }
member this.Cookie : Microsoft.AspNetCore.Http.CookieBuilder with get, set
Public Property Cookie As CookieBuilder

Property Value



The default value for cookie Name is ".AspNetCore.Cookies". This value should be changed if you change the name of the AuthenticationScheme, especially if your system uses the cookie authentication handler multiple times.

SameSite determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe HTTP methods and same-site requests.

HttpOnly determines if the browser should allow the cookie to be accessed by client-side javascript. The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.

Expiration is currently ignored. Use ExpireTimeSpan to control lifetime of cookie authentication.

Applies to