CookieAuthenticationHandler, in case using SessionStore, cookieOptions.Expire is not set on renewal

[JaapMosselman]

I think I found an issue in Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler class, method FinishResponseAsync. There is a line of where cookieOptions.Expire property is set if IsPersistent is true. The problem is that, in case of using a SessionStore, ticket.Properties.IsPersistent is always false, because in that case ticket is assigned a new instance with clean options.
So the cookie send to the browser is now a session cookie and when the browser is closed and reopened, the user must login again.

[troydai]

I'm investigating.

[troydai]

Good catch. A fix is being worked on.

[JaapMosselman]

Great. Actually I discovered this problem in my current project which uses Microsoft.Owin.Security.Cookies. I also created an issue at the Katana project, but there seems to be no activity.
After I found the problem, I just thought: lets look if the problem still exists in the aspnet core code :-)

[troydai]

Thanks for reporting the issue, @JaapMosselman !

[troydai]

0152691