brbeaird
commented
4 months ago I found some more detail on this. The cookie is being created in OAuthLoginBase.cs. That class assumes the oauth information will include a UserGuidKey and value, but those apparently are blank with how I have set this up, which results in a cookie that breaks ASP. I cannot tell how that UserGuidKey normally gets set.
We (unfortunately) still have a few Classic ASP.NET apps running on our IIS server, and we discovered that when the AzureUserToken cookie is present after logging in through Azure, it breaks the ability to the ASP apps to call Request.Cookies(). It seems to be they cannot handle non-encoded strings.
I am not exactly sure that we need this cookie anyway - is there any way to skip its creation? Or is there a way to store it URL-encoded?