Properly delete the correlation cookie. See Katana #230.

Tratcher · Tratcher · commit a9e40ac895ca · 2014-09-12T12:41:19.000-07:00
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -362,7 +362,12 @@ protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properti
                 return false;
             }
 
-            Response.Cookies.Delete(correlationKey);
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsSecure
+            };
+            Response.Cookies.Delete(correlationKey, cookieOptions);
 
             string correlationExtra;
             if (!properties.Dictionary.TryGetValue(
