ASP.NET Mvc Api: Set cookie then 302/303 Redirect loses the cookie
I found the answer. The scope is not set. In my original code the following line is missing.
cookie.Path = "/";
Because redirecting to another page, even if under the same domain, the cookie is not valid across different pages. If path is not set, then the cookie is only valid with the original request targeting http://localhost/login?authcode=xxx
Today I learnt that I need to carefully examine the domain and the path attribute of the cookie before claiming that somebody ate it.