From a9e40ac895cadf4bea118c1e6eee69d1434db1cb Mon Sep 17 00:00:00 2001
From: Chris Ross
Date: Tue, 9 Sep 2014 16:17:46 -0700
Subject: [PATCH] Properly delete the correlation cookie. See Katana #230.
---
 .../Infrastructure/AuthenticationHandler.cs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 7970caa3a2..f7e5adc342 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -362,7 +362,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
 return false;
 }
- Response.Cookies.Delete(correlationKey);
+ var cookieOptions = new CookieOptions
+ {
+ HttpOnly = true,
+ Secure = Request.IsSecure
+ };
+ Response.Cookies.Delete(correlationKey, cookieOptions);
 string correlationExtra;
 if (!properties.Dictionary.TryGetValue(
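Review bot: The `CookieOptions` built for the delete presumably have to mirror the options the correlation cookie is issued with, and that issuing code is outside this hunk, so nothing visible here keeps the two in step. If the issuing side later gains a `Path` or `Domain`, or `Request.IsSecure` evaluates differently on the callback than on the challenge (for example behind a TLS-terminating proxy), the delete may stop matching again and the correlation cookie would outlive its intended single use. Consider building the options in one private helper that both the set and the delete call, and at minimum add a comment above the new block such as `// Delete with the same attributes the cookie was issued with, otherwise the browser may keep it (Katana #230).` The enclosing method starts and ends outside the hunk, so the issuing side should be checked against this before merging.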