diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 9a26667aca..b147181af4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -164,7 +164,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
return;
}
- // REVIEW: Should this check if there was an error, and then if that error was already handled??
var ticket = (await HandleAuthenticateOnceSafeAsync())?.Ticket;
if (ticket != null)
{
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index d0528186c0..1e642d82dd 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -234,9 +234,8 @@ namespace Microsoft.AspNetCore.Authentication
}
///
- /// Handle the authentication for once.
- ///
- /// If the authentication has been done before returns the last authentication result.
+ /// Used to ensure HandleAuthenticateAsync is only invoked once. The subsequent calls
+ /// will return the same authenticate result.
///
protected Task HandleAuthenticateOnceAsync()
{
@@ -249,11 +248,9 @@ namespace Microsoft.AspNetCore.Authentication
}
///
- /// Handle the authentication for once.
- ///
- /// If the authentication has been done before returns the last authentication result.
- /// This method won't throw exception. Any exception thrown during the authentication will be convert
- /// to a AuthenticateResult.
+ /// Used to ensure HandleAuthenticateAsync is only invoked once safely. The subsequent
+ /// calls will return the same authentication result. Any exceptions will be converted
+ /// into a failed authenticatoin result containing the exception.
///
protected async Task HandleAuthenticateOnceSafeAsync()
{