Determine how CookieOptions.IsEssential applies to ChangeCookieAction

aspnet / BasicMiddleware

[Archived] Basic middleware components for ASP.NET Core. Project moved to https://github.com/aspnet/AspNetCore

Apache License 2.0

169 stars 84 forks source link

Determine how CookieOptions.IsEssential applies to ChangeCookieAction #283

Closed Tratcher closed 6 years ago

Tratcher commented 6 years ago

https://github.com/aspnet/BasicMiddleware/blob/f813ee4d970dc7130acd4afd410cb95ab2305cfa/src/Microsoft.AspNetCore.Rewrite/Internal/UrlActions/ChangeCookieAction.cs#L43

RE: aspnet/Security#1561

When this new policy is applied all non-essential cookies will be suppressed. We need to determine how that applies in this context. How would someone configure it?

@blowdart, @jkotalik

jkotalik commented 6 years ago

Interesting. As these actions are only obtained from ModRewrite rules, it would be tough to make changing the cookie configurable without changing the syntax. We could add a property on the RewriteOptions to say someone if the cookies are essential or not.

muratg commented 6 years ago

If we get to the decision by preview1, we can bring this back. Otherwise, postponing the bug to the next preview.

muratg commented 6 years ago

Bringing back to triage.

muratg commented 6 years ago

Triage decision: closing this. If we hear from folks that they want/need this, we'll reconsider.