CookieAuthenticationOptions.Cookie Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Determines the settings used to create the cookie.
SameSite defaults to Lax.
HttpOnly defaults to true
.
SecurePolicy defaults to SameAsRequest.
public:
property Microsoft::AspNetCore::Http::CookieBuilder ^ Cookie { Microsoft::AspNetCore::Http::CookieBuilder ^ get(); void set(Microsoft::AspNetCore::Http::CookieBuilder ^ value); };
public Microsoft.AspNetCore.Http.CookieBuilder Cookie { get; set; }
member this.Cookie : Microsoft.AspNetCore.Http.CookieBuilder with get, set
Public Property Cookie As CookieBuilder
Property Value
Remarks
The default value for cookie Name is ".AspNetCore.Cookies". This value should be changed if you change the name of the AuthenticationScheme
, especially if your system uses the cookie authentication handler multiple times.
SameSite determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The default is Lax
, which means the cookie is only allowed to be attached to cross-site requests using safe HTTP methods and same-site requests.
HttpOnly determines if the browser should allow the cookie to be accessed by client-side javascript. The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
Expiration is currently ignored. Use ExpireTimeSpan to control lifetime of cookie authentication.