.NET Core 3.1, Vue, Axios and [ValidateAntiForgeryToken]

As discussed in the comments on your question. I have a feint memory of it being related to the ordering of something in the AppStartup. Here is a dump of what I have. This currently works (well seems to).

    /// <summary>    /// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.    /// </summary>    /// <param name="app">The <see cref="IApplicationBuilder"/>.</param>    /// <param name="env">The <see cref="IHostingEnvironment"/>.</param>    /// <param name="antiforgery">Enables setting of the antiforgery token to be served to the user.</param>    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IAntiforgery antiforgery)    {        if (env.IsDevelopment())        {            app.UseDeveloperExceptionPage();            app.UseWebpackDevMiddleware(new WebpackDevMiddlewareOptions            {                HotModuleReplacement = true,            });        }        app.UseSession();        app.UseHttpsRedirection();        app.UseStaticFiles();        // global cors policy        app.UseCors(x => x            .AllowAnyOrigin()            .AllowAnyMethod()            .AllowAnyHeader());        // Authenticate before the user accesses secure resources.        app.UseAuthentication();        app.Use(next => context =>        {            string path = context.Request.Path.Value;            if (path.IndexOf("a", StringComparison.OrdinalIgnoreCase) != -1 || path.IndexOf("b", StringComparison.OrdinalIgnoreCase) != -1)            {                // The request token can be sent as a JavaScript-readable cookie,                // and Angular uses it by default.                var tokens = antiforgery.GetAndStoreTokens(context);                context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });            }            return next(context);        });        app.Use(next => context =>        {            string timezone = context.Request.Headers["Timezone"];            if (!string.IsNullOrEmpty(timezone))            {                context.Session.SetString(nameof(HttpContextSessionValues.SessionStrings.Timezone), timezone);            }            return next(context);        });        app.UseExceptionHandler(errorApp =>        {            errorApp.Run(async context =>            {                context.Response.StatusCode = 500;                context.Response.ContentType = "text/html";                var exHandlerFeature = context.Features.Get<IExceptionHandlerFeature>();                var exception = exHandlerFeature.Error;                if (exception is PresentableException)                {                    await context.Response.WriteAsync(exception.Message).ConfigureAwait(false);                }                else                {                    await context.Response.WriteAsync("An Unexpected error has occured. You may need to try again.").ConfigureAwait(false);                }            });        });        app.UseHsts();        app.UseMvc(routes =>        {            routes.MapRoute(                name: "default",                template: "{controller=Home}/{action=Index}/{id?}");            routes.MapSpaFallbackRoute(                name: "spa-fallback",                defaults: new { controller = "Home", action = "Index" });        });    }

Where is definition of HttpContextSessionValues.SessionStrings.Timezone ?