Skip to content

Unifying API for configuring cookie settings #257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
natemcmaster opened this issue Jun 30, 2017 · 0 comments
Open

Unifying API for configuring cookie settings #257

natemcmaster opened this issue Jun 30, 2017 · 0 comments
Labels
2.0.0 Announcement Breaking change
Milestone
2.0.0

Comments

@natemcmaster
Copy link
Contributor

natemcmaster commented Jun 30, 2017
edited
Loading

2.0.0 will introduce changes that help unify API for configuring cookie settings in various ASP.NET Core components.

The current API will be marked [Obsolete] and removed in a future version. Although these obsolete API will continue to function as they do in 1.x, we recommend moving to the new API soon. (See below).

For more discussion on this issue, use aspnet/HttpAbstractions#853.

Associated PRs:
aspnet/HttpAbstractions#882
aspnet/Security#1284
aspnet/Security#1285
aspnet/Session#173
aspnet/Mvc#6472
aspnet/Antiforgery#148

Recommended changes

Update your code from the obsolete API to the new API.

Antiforgery

public void ConfigureServices(ServiceCollection services)
{
    services.AddAntiforgery(options =>
    {
        // obsolete
        options.CookieName = "AntiforgeryCookie";
        options.CookieDomain = "contoso.com";
        options.CookiePath = "/";
        options.RequireSsl = true;
        // new API
        options.Cookie.Name = "AntiforgeryCookie";
        options.Cookie.Domain = "contoso.com";
        options.Cookie.Path = "/";
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });
}

Session

public void ConfigureServices(ServiceCollection services)
{
    services.AddSession(options =>
    {
        // obsolete
        options.CookieName = "SessionCookie";
        options.CookieDomain = "contoso.com";
        options.CookiePath = "/";
        options.CookieHttpOnly = true;
        options.CookieSecure = CookieSecurePolicy.Always;
        // new API
        options.Cookie.Name = "SessionCookie";
        options.Cookie.Domain = "contoso.com";
        options.Cookie.Path = "/";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });
}

Cookie authentication

public void ConfigureServices(ServiceCollection services)
{
    // same is applies anywhere CookieAuthenticationOptions is used,
    // such as `services.AddCookieAuthentication(Action<CookieAuthenticationOptions> configureOptions)`
    app.AddAuthentication()
        .AddCookie(options =>
        {
            // obsolete
            options.CookieName = "AuthCookie";
            options.CookieDomain = "contoso.com";
            options.CookiePath = "/";
            options.CookieHttpOnly = true;
            options.CookieSameSite = SameSiteMode.Lax;
            options.CookieSecure = CookieSecurePolicy.Always;

            // new API
            options.Cookie.Name = "AuthCookie";
            options.Cookie.Domain = "contoso.com";
            options.Cookie.Path = "/";
            options.Cookie.HttpOnly = true;
            options.Cookie.SameSite = SameSiteMode.Lax;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        });
}

MVC

public void ConfigureServices(ServiceCollection services)
{
    app.AddMvc()
        .AddCookieTempDataProvider(options =>
        {
            // obsolete
            options.CookieName = "TempDataCookie";
            options.Domain = "contoso.com";
            options.Path = "/";

            // new API
            options.Cookie.Name = "TempDataCookie";
            options.Cookie.Domain = "contoso.com";
            options.Cookie.Path = "/";
        });
}
@natemcmaster natemcmaster added this to the 2.0.0 milestone Jun 30, 2017
@aspnet aspnet locked and limited conversation to collaborators Jun 30, 2017
@danroth27 danroth27 added 2.0.0 and removed 2.0.0 labels Aug 3, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
2.0.0 Announcement Breaking change
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
2 participants
@danroth27 @natemcmaster