Open keidyz opened 1 year ago
I'm also facing this issue. Although with using APIM as backend. When ever a Set-Cookie header contains an Expires attribute that is expired the header is removed from the response by the static web app proxy.
As a consequents of this we are not able to use the API backend to set and expire authentication cookies used by cookie authentication in dotnet core.
How do we fix this?
@ndamkjaer What I used instead of Expires
is Max-Age
; Like Max-Age=0
to indicate that the cookie should immediately expire.
It worked pretty well.
Same issue here. Works locally, but not deployed to swa.
The bug makes the SignOutAsync()
function of .Net Cookie Authentication unusable when communicating with a Static Web App, as it uses Expires
in the set-cookie
header
@keidyz solution is a nice workaround: Manually added a Set-Cookie
header with Max-age
to the response.
Describe the bug When the managed function returns a response with the "Set-Cookie" header, the set cookie header would not exist if it has an expiry attribute that is set to a past date
To Reproduce Steps to reproduce the behavior:
Set-Cookie
header and set its value to_test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure
Set-Cookie
headerExpected behavior
Set-Cookie
should always appear regardless of expiry attribute being expiredDevice info (if applicable):
Additional context Works locally, issue only arises when deployed to Azure