I’m creating an ASP.NET Core 2.2 application. Our security team wants us to use the httpOnly flag. So I did it like this:
    app.UseCookiePolicy(new CookiePolicyOptions
    {
        HttpOnly = AspNetCore.CookiePolicy.HttpOnlyPolicy.None,
    });
But now I receive an error message when I am forwarded back to my app from OKTA:
    Exception: Correlation failed.
    Unknown location
    Exception: An error was encountered while handling the remote login.
    Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
But when I remove the httpOnly policy, authentication works great! I don’t really know how httpOnly works.