Add general property bag to cookies to support potential new cookie "standards"

[blowdart]

Problem

Google in their quest to remove third party cookies are proposing moving to yet another cookie standard.

It's both better than, and worse than the same site changes we had to go through before to keep oauth's lights on for IdPs that couldn't support more modern flows.

The CHIPS proposal adds new attributes to cookies, and as we've traditionally had strong properties on cookies any new cookie property needs a lot of work to support, and we end up having a slow reaction.

Potential solution

I propose a general property bag of names and values (with values allowing for NULL) for outbound cookie properties, which would allow customers to be more flexible in what gets added as a cookie property and not have to wait for us to push new code to test out a standard which may, or may not get ratified.

Of course the property bag would have to nicely sync with the existing "strong" properties.

[Tratcher]

Design point: both key= and key can be valid formats depending on the parameter. We might not know how to properly format entries from a key-value collection. A List<string> might be better, or even a flat string for people to append extra stuff to.

Thanks for contacting us.

We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[blowdart]

@adityamandaleeka weve been asked by a couple of internal teams to make this available, rather than it just being me planning.

Please assign to a milestone coming soon so it doesn't get lost and adjust priority upwards as you see fit.

[Tratcher]

A contributor added SetCookieHeaderValue.Extensions back in 5.0 that should work for this. This covers the lowest layer that parses and serializes cookies.
https://docs.microsoft.com/en-us/dotnet/api/microsoft.net.http.headers.setcookieheadervalue.extensions
#22181

The next layer up that we need to add this to is CookieOptions and then CookieBuilder:
https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.cookieoptions
https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.cookiebuilder

These two APIs are used most places we work with cookies, like HttpResponse.Cookies.Append and CookieAuthenticationOptions, so we shouldn't have to do much additional work to expose it on individual components.