set cookies to IsEssential #2554

IdentityServer · Oct 3, 2018 · 77860f3 · 77860f3
1 parent e52b862
commit 77860f3
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/src/Configuration/DependencyInjection/ConfigureInternalCookieOptions.cs b/src/Configuration/DependencyInjection/ConfigureInternalCookieOptions.cs
@@ -26,6 +26,7 @@ public void Configure(string name, CookieAuthenticationOptions options)
                 options.SlidingExpiration = _idsrv.Authentication.CookieSlidingExpiration;
                 options.ExpireTimeSpan = _idsrv.Authentication.CookieLifetime;
                 options.Cookie.Name = IdentityServerConstants.DefaultCookieAuthenticationScheme;
+                options.Cookie.IsEssential = true;
                 options.Cookie.SameSite = SameSiteMode.None;
 
                 options.LoginPath = ExtractLocalUrl(_idsrv.UserInteraction.LoginUrl);
@@ -39,6 +40,7 @@ public void Configure(string name, CookieAuthenticationOptions options)
             if (name == IdentityServerConstants.ExternalCookieAuthenticationScheme)
             {
                 options.Cookie.Name = IdentityServerConstants.ExternalCookieAuthenticationScheme;
+                options.Cookie.IsEssential = true;
                 // https://github.com/IdentityServer/IdentityServer4/issues/2595
                 // need to set None because iOS 12 safari considers the POST back to the client from the 
                 // IdP as not safe, so cookies issued from response (with lax) then should not be honored.

diff --git a/src/Infrastructure/MessageCookie.cs b/src/Infrastructure/MessageCookie.cs
@@ -90,7 +90,8 @@ public void Write(string id, Message<TModel> message)
                 {
                     HttpOnly = true,
                     Secure = Secure,
-                    Path = CookiePath
+                    Path = CookiePath,
+                    IsEssential = true,
                     // don't need to set same-site since cookie is expected to be sent
                     // to only another page in this host. 
                 });
@@ -138,7 +139,8 @@ private void ClearByCookieName(string name)
                     Expires = new DateTime(2000, 1, 1),
                     HttpOnly = true,
                     Secure = Secure,
-                    Path = CookiePath
+                    Path = CookiePath,
+                    IsEssential = true,
                 });
         }
 

diff --git a/src/Services/Default/DefaultUserSession.cs b/src/Services/Default/DefaultUserSession.cs
@@ -376,6 +376,7 @@ private CookieOptions CreateSessionIdCookieOptions()
                 HttpOnly = false,
                 Secure = secure,
                 Path = path,
+                IsEssential = true,
                 SameSite = SameSiteMode.None
             };