Basically, Microsoft has some newer libraries (referred to as OWIN in that article) meant to work with both .NET Core and the full framework, and to achieve platform independence required by .NET Core, they manage cookies in a different way than the older/standard .NET approach (referred to as System.Web in that article), to decouple it from IIS/Windows. For a single web request, it should be safe to use one approach or the other, but unfortunately when the approaches are mixed, we can see unexpected results.
In our case, we had set the XSRF cookie in the response using the OWIN library, and it seems that somewhere in the response pipeline, APM may have done some operations using a System.Web.HttpCookie (in my testing, adding and then immediately removing a System.Web.HttpCookie, even if it has a different name than the OWIN cookie, ends up removing the OWIN cookie from the response – whether this operation comes before or after the OWIN cookie is added).
Release : 10.7.0
Component : APM Agents