Use SystemWebCookieManager/SystemWebChunkingCookieManager by default …

…on SystemWeb

src/Microsoft.Owin.Host.SystemWeb/Constants.cs

@@ -57,5 +57,7 @@ internal static class Constants
         internal const string CacheControl = "Cache-Control";
 
         internal const string SecurityDataProtectionProvider = "security.DataProtectionProvider";
+        internal const string InfrastructureCookieManager = "infrastructure.CookieManager";
+        internal const string InfrastructureChunkingCookieManager = "infrastructure.ChunkingCookieManager";
     }
 }

src/Microsoft.Owin.Host.SystemWeb/OwinAppContext.cs

@@ -59,6 +59,8 @@ internal void Initialize(Action<IAppBuilder> startup)
             builder.Properties[Constants.HostReferencedAssemblies] = new ReferencedAssembliesWrapper();
             builder.Properties[Constants.ServerCapabilitiesKey] = Capabilities;
             builder.Properties[Constants.SecurityDataProtectionProvider] = new MachineKeyDataProtectionProvider().ToOwinFunction();
+            builder.Properties[Constants.InfrastructureCookieManager] = new SystemWebCookieManager();
+            builder.Properties[Constants.InfrastructureChunkingCookieManager] = new SystemWebChunkingCookieManager();
             builder.SetLoggerFactory(new DiagnosticsLoggerFactory());
 
             Capabilities[Constants.SendFileVersionKey] = Constants.SendFileVersion;

src/Microsoft.Owin.Security.Cookies/CookieAuthenticationMiddleware.cs

@@ -27,6 +27,10 @@ public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAut
         public CookieAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, CookieAuthenticationOptions options)
             : base(next, options)
         {
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetChunkingCookieManager() ?? new ChunkingCookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new CookieAuthenticationProvider();
@@ -46,10 +50,6 @@ public CookieAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, Cook
 
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
-            if (Options.CookieManager == null)
-            {
-                Options.CookieManager = new ChunkingCookieManager();
-            }
         }
 
         /// <summary>

src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -45,6 +46,10 @@ public FacebookAuthenticationMiddleware(
 
             _logger = app.CreateLogger<FacebookAuthenticationMiddleware>();
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new FacebookAuthenticationProvider();

src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationOptions.cs

@@ -31,7 +31,6 @@ public FacebookAuthenticationOptions()
             BackchannelTimeout = TimeSpan.FromSeconds(60);
             SendAppSecretProof = true;
             _fields = new HashSet<string>();
-            CookieManager = new CookieManager();
 
             AuthorizationEndpoint = Constants.AuthorizationEndpoint;
             TokenEndpoint = Constants.TokenEndpoint;

src/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -47,6 +48,10 @@ public GoogleOAuth2AuthenticationMiddleware(
 
             _logger = app.CreateLogger<GoogleOAuth2AuthenticationMiddleware>();
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new GoogleOAuth2AuthenticationProvider();

src/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationOptions.cs

@@ -29,7 +29,6 @@ public GoogleOAuth2AuthenticationOptions()
             AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-            CookieManager = new CookieManager();
 
             AuthorizationEndpoint = Constants.AuthorizationEndpoint;
             TokenEndpoint = Constants.TokenEndpoint;

src/Microsoft.Owin.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -45,6 +46,10 @@ public MicrosoftAccountAuthenticationMiddleware(
 
             _logger = app.CreateLogger<MicrosoftAccountAuthenticationMiddleware>();
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new MicrosoftAccountAuthenticationProvider();

src/Microsoft.Owin.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs

@@ -26,7 +26,6 @@ public MicrosoftAccountAuthenticationOptions() : base(Constants.DefaultAuthentic
             AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-            CookieManager = new CookieManager();
 
             AuthorizationEndpoint = Constants.AuthorizationEndpoint;
             TokenEndpoint = Constants.TokenEndpoint;

src/Microsoft.Owin.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs

@@ -6,6 +6,7 @@
 using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -38,6 +39,10 @@ public OpenIdConnectAuthenticationMiddleware(OwinMiddleware next, IAppBuilder ap
                 Options.TokenValidationParameters.AuthenticationType = app.GetDefaultSignInAsAuthenticationType();
             }
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetCookieManager() ?? new CookieManager();
+            }
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = app.CreateDataProtector(

src/Microsoft.Owin.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs

@@ -70,7 +70,6 @@ public OpenIdConnectAuthenticationOptions(string authenticationType)
             RequireHttpsMetadata = true;
             TokenValidationParameters = new TokenValidationParameters();
             UseTokenLifetime = true;
-            CookieManager = new CookieManager();
             RedeemCode = false;
             UsePkce = true;
         }

src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataHandler.Encoder;
@@ -48,6 +49,10 @@ public TwitterAuthenticationMiddleware(
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerKey"));
             }
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new TwitterAuthenticationProvider();

src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationOptions.cs

@@ -26,7 +26,6 @@ public TwitterAuthenticationOptions()
             CallbackPath = new PathString("/signin-twitter");
             AuthenticationMode = AuthenticationMode.Passive;
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-            CookieManager = new CookieManager();
         }
 
         /// <summary>

src/Microsoft.Owin/Extensions/AppBuilderCookieExtensions.cs

@@ -0,0 +1,77 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.Owin.Infrastructure;
+using Owin;
+
+namespace Microsoft.Owin
+{
+    /// <summary>
+    /// Extension methods for IAppBuilder.
+    /// </summary>
+    public static class AppBuilderCookieExtensions
+    {
+        public static void SetCookieManager(this IAppBuilder app, ICookieManager manager)
+        {
+            if (app is null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            app.SetCookieManager("infrastructure.CookieManager", manager);
+        }
+
+        public static void SetChunkingCookieManager(this IAppBuilder app, ICookieManager manager)
+        {
+            if (app is null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            app.SetCookieManager("infrastructure.ChunkingCookieManager", manager);
+        }
+
+        public static ICookieManager GetCookieManager(this IAppBuilder app)
+        {
+            if (app is null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            return app.GetCookieManager("infrastructure.CookieManager");
+        }
+
+        public static ICookieManager GetChunkingCookieManager(this IAppBuilder app)
+        {
+            if (app is null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            return app.GetCookieManager("infrastructure.ChunkingCookieManager");
+        }
+
+        private static void SetCookieManager(this IAppBuilder app, string name, ICookieManager manager)
+        {
+            if (manager is null)
+            {
+                app.Properties.Remove(name);
+            }
+            else
+            {
+                app.Properties[name] = manager;
+            }
+        }
+
+        private static ICookieManager GetCookieManager(this IAppBuilder app, string name)
+        {
+            if (app.Properties.TryGetValue(name, out object value) && value is ICookieManager manager)
+            {
+                return manager;
+            }
+
+            return null;
+        }
+    }
+}