#69 - Properly delete Twitter state cookie.

2014-10-10 11:54:26 -07:00 · 2014-10-10 11:54:26 -07:00 · 3e88f44552
parent 2e65a40555
commit 3e88f44552
1 changed files with 7 additions and 1 deletions
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@ -104,7 +104,13 @@ namespace Microsoft.AspNet.Security.Twitter
                    ClaimsIdentity.DefaultRoleClaimType);
                context.Properties = requestToken.Properties;

-                Response.Cookies.Delete(StateCookie);
+                var cookieOptions = new CookieOptions
+                {
+                    HttpOnly = true,
+                    Secure = Request.IsSecure
+                };
+
+                Response.Cookies.Delete(StateCookie, cookieOptions);

                await Options.Notifications.Authenticated(context);