OWIN cookie based authentication middleware can't change cookie name

Question

I am trying to rename the authentication cookie by doing the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/account/login"),
    CookieSecure = CookieSecureOption.SameAsRequest,
    SlidingExpiration = false,
    CookieName = "mycookiename"
});

When I run the app from IIS Express and check the cookie name in Fiddler, the cookie name is set to "mycookiename" as expected. However, when I deploy the site, the cookie name is still set as ".AspNet.ApplicationCookie". Is there something I'm missing on how to get this change to work? Is there something in IIS that can override my application settings?

score 0 · Answer 1 · answered Aug 10 '15 at 13:44

0

IIS has own session configuration in session state. You can try put into web.config:

<sessionState cookieless="UseCookies" cookieName="mycookiename" mode="InProc" useHostingIdentity="true" />

For more info visit MSDN website: https://technet.microsoft.com/pl-pl/library/cc754450%28v=ws.10%29.aspx

answered Aug 10 '15 at 13:44

Adrian Tarnowski

396
3
7

1

this will set the session cookie not the authentication cookie . – Vitor Canova Aug 15 '16 at 16:05

OWIN cookie based authentication middleware can't change cookie name

1 Answers1