Properly delete the correlation cookie. See Katana #230.

2014-09-09 16:17:46 -07:00 · 2014-09-09 16:17:46 -07:00 · a9e40ac895
parent b10cda80a7
commit a9e40ac895
1 changed files with 6 additions and 1 deletions
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@ -362,7 +362,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
                return false;
            }

-            Response.Cookies.Delete(correlationKey);
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsSecure
+            };
+            Response.Cookies.Delete(correlationKey, cookieOptions);

            string correlationExtra;
            if (!properties.Dictionary.TryGetValue(