This repository was archived by the owner on Nov 22, 2018. It is now read-only.
This repository was archived by the owner on Nov 22, 2018. It is now read-only.
Apply IDataProtection to the session cookie value #105
Closed
Description
The session cookie values are opaque GUIDs used to look up entries in the IDistributedCache. However, we don't have any verification saying we actually issued said cookie. Use IDataProtection to sign and validate the value. Otherwise ignore it and create a new session.