Postman is not using cookie

The cookie in question cannot legally be sent over an HTTP connection because its secure attribute is set.

For some reason, mysite_cookie has its secure attribute set differently from social_auth_cookie, either because you are setting it in code...

var cookie = new HttpCookie("mysite_cookie", cookieValue);cookie.Secure = true;

...or because the service is configured to automatically set it, e.g. with something like this in web.config:

<httpCookies httpOnlyCookies="true" requireSSL="true"/>

The flag could also potentially set by a network device (e.g. an SSL offloading appliance) in a production environment. But that's not very likely in your dev environment.

I suggest you try to same code base but over an https connection. If you are working on code that affects authentication mechanisms, you really really ought to set up your development environment with SSL anyway, or else you are going to miss a lot of bugs, and you won't be able to perform any meaningful pen testing or app scanning for potential threats.

You don't need to worry about cookies if you have them on your browser.

You can use your browser cookies by installing Postman Interceptor extension (left side of "In Sync" button).

I have been running into this issue recently with ASP.NET core 2.0. ASP.NET Core 1.1 however seems to be working just fine and the cookies are getting set in Postman