In web.config, we had the following:

<authentication mode="Forms">
  <forms loginUrl="~/login" timeout="43200" slidingExpiration="true" name=".PX" />
</authentication>


We have since updated it to:

<authentication mode="Forms">
  <forms loginUrl="~/login" timeout="43200" slidingExpiration="true" name=".PX" enableCrossAppRedirects="true" domain="[websitename].com" />
</authentication>


The problem is that users who were already logged in are no longer signed out when we call FormsAuthentication.SignOut().

I am now doing the following instead of just calling FormsAuthentication.SignOut(), but it still does not sign out the currently logged-in users:

private static void SignOut(HttpContextBase context)
{
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, FormsAuthentication.CookieDomain, true);
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, FormsAuthentication.CookieDomain, false);
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, null, true);
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, null, false);

    // clear cookies server side
    context.Request.Cookies.Clear();

    context.Session.Abandon();
    FormsAuthentication.SignOut();
}

private static void RemoveCookie(HttpContextBase context, string name, string path, string domain, bool httpOnly)
{
    context.Response.Cookies.Add(new HttpCookie(name, "NoCookie")
    {
        Path = path,
        Domain = domain,
        Secure = false,
        Shareable = false,
        HttpOnly = httpOnly,
        Expires = DateTime.Now.AddDays(-1d)
    });
}

Best answer

In FormsAuthentication.SignOut(), there is a call that removes all previous cookies from the response: context.Response.Cookies.RemoveCookie(FormsCookieName); https://github.com/Microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs#L421

Changing the order of everything seems to fix the issue:

private static void SignOut(HttpContextBase context)
{
    context.Session.Abandon();
    FormsAuthentication.SignOut();

    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, FormsAuthentication.CookieDomain, true);
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, FormsAuthentication.CookieDomain, false);
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, null, true);
    RemoveCookie(context, FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath, null, false);

    // clear cookies server side
    context.Request.Cookies.Clear();
}
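
Why the order matters, as an added example that is not part of the original question or answer: a simplified Python model (not the ASP.NET code) of the response cookie collection and of a browser cookie jar keyed by name, domain and path. The host www.example.com, the domain example.com (standing in for [websitename].com) and the ticket value are constructed, and the model assumes the pre-change cookie was host-only because the old configuration set no domain.

```python
NAME, PATH = ".PX", "/"
HOST = "www.example.com"      # constructed host the app is served from
NEW_DOMAIN = "example.com"    # stands in for domain="[websitename].com"

def expired(domain):
    """An expiring Set-Cookie entry; domain=None means host-only."""
    return {"name": NAME, "path": PATH, "domain": domain, "expired": True}

def framework_sign_out(response):
    """Model of FormsAuthentication.SignOut(): drop every response cookie
    carrying the forms cookie name, then add one expired cookie for the
    currently configured domain."""
    response[:] = [c for c in response if c["name"] != NAME]
    response.append(expired(NEW_DOMAIN))

def original_order():
    """Question's order: manual expiry cookies first, SignOut() last."""
    response = [expired(NEW_DOMAIN), expired(None)]
    framework_sign_out(response)   # wipes the two entries added above
    return response

def reordered():
    """Answer's order: SignOut() first, manual expiry cookies afterwards."""
    response = []
    framework_sign_out(response)
    response += [expired(NEW_DOMAIN), expired(None)]
    return response

def browser_apply(jar, response, host=HOST):
    """An expired Set-Cookie evicts only the stored cookie whose
    (name, domain, path) key is identical."""
    jar = dict(jar)
    for c in response:
        if c["expired"]:
            jar.pop((c["name"], c["domain"] or host, c["path"]), None)
    return jar

def remaining(build_response):
    """Cookies left for a user who logged in before the config change."""
    jar = {(NAME, HOST, PATH): "ticket-issued-before-change"}  # host-only
    return browser_apply(jar, build_response())

if __name__ == "__main__":
    print("original order :", remaining(original_order))
    print("reordered      :", remaining(reordered))
```

In the original order only the expiry cookie for the new domain reaches the browser, so the older host-only ticket stays in the jar; in the reordered version the host-only expiry cookie is sent as well and the old ticket is evicted.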

Regarding "c# - FormsAuthentication.SignOut() not working after changing CookieDomain", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/53197387/
