"Error unprotecting the session cookie" exception

Question

i have an Asp.NET MVC application with this Authentication setup:

ConfigureServices():

services.AddSession()
services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

Configure():

        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            ClientId = "xx",
            Authority = "xx",
            Events = new OpenIdConnectEvents { OnRemoteFailure = this.OnAuthenticationFailed }
        });

When hosted in IIS, some users get this exception:

Microsoft.AspNetCore.Session.SessionMiddleware, 
      Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {9ec59def-874e-45df-9bac-d629f5716a04} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)

I have run this on the hosting server https://github.com/aspnet/DataProtection/blob/dev/Provision-AutoGenKeys.ps1

Web has only HTTPS binding, SSL certificate is ok and signed. What might cause this issue? What actually is that "key" value?

Answer 1

services.AddSession(options => {
    options.IdleTimeout = TimeSpan.FromHours(12);
    options.Cookie.Name = ".yourApp.Session"; // <--- Add line
    options.Cookie.IsEssential = true;
});