Aspnetcore.docs: Create a doc about using the cookie APIs in ASP.NET Core

Created on 5 Jan 2018  路  10Comments  路  Source: dotnet/AspNetCore.Docs

ASP.NET Core includes a number of API areas for working with cookies. The APIs go beyond the simple "get and set cookies" for the request and response and include new APIs for controlling the various policy options around cookies (see Microsoft.AspNetCore.CookiePolicy).

The doc should also detail the default options and policy applied to the various cookies the framework itself issues. I'd likely place it in the "Fundamentals" section, with potential cross-reference from the "Security" section.

@Tratcher

GII P1 doc-enhancement
Source
picture DamianEdwards

Most helpful comment

Ah, yes, that's the temp data cookie.

picture Tratcher on 4 Jul 2019
👍2

All 10 comments

@DamianEdwards are you suggesting @Tratcher write the first draft. We don't have the expertise to author this.

Once we get a draft, we can publish within a week.

Rick-Anderson picture Rick-Anderson on 9 Jan 2018

Want to do our usual interview?

Tratcher picture Tratcher on 9 Jan 2018

@scottaddie set up a skype with @Tratcher when you have time to work on this.

Rick-Anderson picture Rick-Anderson on 10 Jan 2018
👍1

RE: https://github.com/aspnet/Home/issues/3432

Tratcher picture Tratcher on 15 Aug 2018

@serpent5 is this something you'd be interested in working on?

Rick-Anderson picture Rick-Anderson on 14 May 2019

Yeah, sure - I'm happy to take a look at this.

serpent5 picture serpent5 on 15 May 2019
👍1

I've been looking into the areas that might need describing for this. Here's a list of the cookies I've discovered that are set by the framework (default names listed):

  • .AspNetCore.Antiforgery.XXX
  • .AspNetCore.Consent
  • .AspNetCore.Cookies

    • .AspNetCore.Identity.Application

    • .AspNetCore.Identity.External

    • .AspNetCore.Identity.TwoFactorRememberMe

    • .AspNetCore.Identity.TwoFactorUserId

  • .AspNetCore.Mvc.CookieTempDataProvider

I've listed the Identity cookies underneath .AspNetCore.Cookies as these are all specialisations of the AddCookie stuff.

As for the API areas, I know of these pieces that might need describing:

  • IResponseCookies
  • CookieBuilder
  • CookiePolicyOptions
  • CookieAuthenticationOptions
  • ConfigureApplicationCookie

Two initial questions:

  1. What have I missed?
  2. What have I included that shouldn't be?

Note that CookieBuilder, CookiePolicyOptions and CookieAuthenticationOptions have good coverage in Use cookie authentication without ASP.NET Core Identity. Perhaps CookieBuilder and CookiePolicyOptions could be pulled out and xrefed?

serpent5 picture serpent5 on 1 Jun 2019

Additional cookies:

  • Session
  • Temp data

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-2.2

Tratcher picture Tratcher on 2 Jun 2019

Thanks @Tratcher. Sorry I haven't been back here sooner, but I've been trying to help with some other docs stuff in the meantime. I'm going to try and have a stab at this one next... Am I right in thinking that "Temp data" is .AspNetCore.Mvc.CookieTempDataProvider from those I listed above?

Does anyone subscribed to this issue have any input on the API areas I listed above?

serpent5 picture serpent5 on 4 Jul 2019

Ah, yes, that's the temp data cookie.

Tratcher picture Tratcher on 4 Jul 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

madelson picture madelson  路  3Comments
Rick-Anderson picture Rick-Anderson  路  3Comments
aaron-bozit picture aaron-bozit  路  3Comments
fabich picture fabich  路  3Comments
danroth27 picture danroth27  路  3Comments