From 3e88f44552da8e5395cc80d390ce1c9407408e16 Mon Sep 17 00:00:00 2001
From: Chris Ross
Date: Fri, 10 Oct 2014 11:54:26 -0700
Subject: [PATCH] #69 - Properly delete Twitter state cookie.
---
 .../TwitterAuthenticationHandler.cs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index 7fbb4fbc3a..7eeac5702d 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -104,7 +104,13 @@ namespace Microsoft.AspNet.Security.Twitter
 ClaimsIdentity.DefaultRoleClaimType);
 context.Properties = requestToken.Properties;
- Response.Cookies.Delete(StateCookie);
+ var cookieOptions = new CookieOptions
+ {
+ HttpOnly = true,
+ Secure = Request.IsSecure
+ };
+
+ Response.Cookies.Delete(StateCookie, cookieOptions);
 await Options.Notifications.Authenticated(context);
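Review bot: The `cookieOptions` passed to `Response.Cookies.Delete(StateCookie, cookieOptions)` are built inline, separately from the options the state cookie was issued with, and the issuing code is outside this hunk, so the two can drift apart. A browser only expires a cookie when the deleting header matches the attributes it was set with, so a later change on the issuing side (a `Path` or `Domain`, for example) would silently leave the state cookie, which presumably carries the protected request token, in the browser. I would either build both option sets from one private helper or at least add `// Must match the CookieOptions used when StateCookie is appended, or the browser keeps the cookie.` above the initializer. Because `Secure` follows `Request.IsSecure`, it is also worth confirming that the callback is always served over the same scheme as the challenge. The enclosing method starts and ends outside the hunk, so whether the failure paths also delete the cookie cannot be checked from here.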