This page covers why CurrentPrincipal.Identity.IsAuthenticated stays true after sign-out when the FormsAuth cookie domain is set manually, and how to fix it.

Problem description


Referring to sharing cookies in subdomains, I implemented jro's answer and it worked for sign in (sharing the cookie in different sub domains).

However, this change affected the signout process. Please refer to the SignOut and SignIn code I shared below.

The issue is that in the signout process it does a FormsAuthentication.SignOut and then redirects to the sign in controller, but "System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated" is set to true even though FormsAuthentication.SignOut is called in the sign out process.

Code that sets the Forms Authentication Cookie

    using System;
    using System.Web;
    using System.Web.Configuration;
    using System.Web.Security;

    public static HttpCookie GetAuthenticationCookie(CookieData cookieData)
    {
        string userData = PrepareCookieContentFromCookieData(cookieData); // Get a string with user data

        AuthenticationSection section = WebConfigurationManager.GetWebApplicationSection("system.web/authentication") as AuthenticationSection;

        TimeSpan ts = section.Forms.Timeout;
        // TotalMinutes, not Minutes: Minutes is only the minutes component of the span,
        // so a configured timeout of 60 or 120 minutes would read as 0 and fall back to 1
        int timeout = (ts.TotalMinutes > 0) ? (int)ts.TotalMinutes : 1;

        bool isPersistent = Convert.ToBoolean(HttpContext.Current.Request.Form["isPersistent"] ?? "False");

        if (isPersistent) timeout = 30 * 24 * 60;

        // The ticket is formed from the details above. Every page after login will use this ticket to get base user data
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, cookieData.userName, DateTime.Now,
            DateTime.Now.AddMinutes(timeout), isPersistent, userData, FormsAuthentication.FormsCookiePath);

        // encrypt the ticket
        string encryptedCookieString = FormsAuthentication.Encrypt(ticket);

        // put the ticket in the cookie; note the domain is set here, not taken from web.config
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedCookieString);
        cookie.HttpOnly = true;
        cookie.Domain = "parent.com";
        if (isPersistent)
            cookie.Expires = DateTime.Now.AddYears(1);

        return cookie;
    }

Sign out

    public ActionResult SignOut()
    {
        if (HttpContext != null && HttpContext.Session != null)
        {
            HttpContext.Session.Abandon();
        }

        // Expires the forms cookie on the domain configured in web.config (a stray closing brace was removed here)
        FormsAuthentication.SignOut();

        return RedirectToAction("SignIn", "User");
    }

Sign in

    public ActionResult SignIn(string CompanyCode)
    {
        // Check if logged in
        if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
        {
            // return to a specific page
        }
        return View(); // fall through to the sign-in view (added so the action compiles)
    }

Thanks in advance.

Accepted answer

Solved the issue. If you set the domain name manually, you have to set the domain name in the web.config forms authentication settings as well. Otherwise it will try to clear cookies from the default domain (in my case subapp1.parent.com), where there is no such cookie since I have manually overridden the cookie domain.

My forms authentication settings were as follows

<forms cookieless="UseCookies" defaultUrl="~/Applications" loginUrl="~/user/signin"  name="FormAuthentication" path="/"/>

Then I added domain=".parent.com" as the domain and it started working.

Here is how I diagnosed the issue:

I tried the following code to manually remove any cookies during sign out:

    var cookie = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

    if (cookie != null)
    {
        Logger.Log.InfoFormat("Cookies found. Domain:{0} Name:{1}", cookie.Domain, cookie.Name);

        cookie.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(cookie);
    }

Still the issue was there. But I logged (log4net) the cookie.Domain to get details when this happens. Surprisingly the domain was empty, where I was expecting "parent.com". Then I checked the forms-authentication settings and figured out the domain name was not set there.

Hope this will save someone several hours!
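The root cause in the answer above is a mismatch between the attributes of the cookie that was issued (Domain "parent.com", set by hand) and the attributes of the expiring cookie that FormsAuthentication.SignOut() writes (Domain taken from the `domain` attribute of `<forms>` in web.config, empty here). A browser keys cookies by name, domain and path, so the expiring cookie never matched the original and the still-valid ticket kept coming back, which is why IsAuthenticated stayed true. Two caveats a practitioner should know: the Domain logged from Request.Cookies is always empty, because browsers send only name=value in the Cookie header and never echo the Domain attribute back, so that log line cannot tell you which domain the cookie was stored under; and the ticket inside the cookie stays cryptographically valid until its own expiry, so SignOut() only works if the browser actually discards the cookie. The example below is added here and is not code from the question, the answer or the project; it assumes the corrected `<forms ... domain=".parent.com" />` setting from the answer and a hypothetical `AuthCookieHelper` class. It takes Name, Path and Domain from FormsAuthentication (which reads web.config) on both the issuing and the expiring side, so they cannot drift apart again, and adds an explicit expiry alongside SignOut().

```csharp
// Added example, not the question's or answer's own code.
// Assumes web.config carries the fix from the answer:
//   <forms cookieless="UseCookies" defaultUrl="~/Applications" loginUrl="~/user/signin"
//          name="FormAuthentication" path="/" domain=".parent.com" />
// FormsAuthentication.FormsCookieName / FormsCookiePath / CookieDomain / RequireSSL
// all read from that element, so issue and sign-out use one source of truth.
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public static class AuthCookieHelper // hypothetical helper name
{
    // Builds the authentication cookie without hard-coding a domain.
    public static HttpCookie Issue(string userName, string userData, bool isPersistent, int timeoutMinutes)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(timeoutMinutes),
            isPersistent, userData, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath,
        };
        ApplyConfiguredDomain(cookie);
        if (isPersistent)
            cookie.Expires = ticket.Expiration;       // persistent cookie lives as long as the ticket
        return cookie;
    }

    // Writes an already-expired cookie with the same Name/Path/Domain as the issued one,
    // which is the only combination the browser will treat as "the same cookie" and delete.
    public static HttpCookie Expire()
    {
        var expired = new HttpCookie(FormsAuthentication.FormsCookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true,
            Path = FormsAuthentication.FormsCookiePath,
        };
        ApplyConfiguredDomain(expired);
        return expired;
    }

    // Only set Domain when one is configured; otherwise leave a host-only cookie.
    private static void ApplyConfiguredDomain(HttpCookie cookie)
    {
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            cookie.Domain = FormsAuthentication.CookieDomain;
    }
}

public class UserController : Controller
{
    public ActionResult SignOut()
    {
        if (Session != null)
            Session.Abandon();

        // Expires the cookie on the configured domain (".parent.com" with the fix applied).
        FormsAuthentication.SignOut();

        // Belt and braces: explicitly expire the cookie with identical attributes.
        // Harmless when SignOut() already matched, decisive when it did not.
        Response.Cookies.Add(AuthCookieHelper.Expire());

        // New request after the redirect: the browser no longer holds the ticket,
        // so Thread.CurrentPrincipal.Identity.IsAuthenticated is false in SignIn.
        return RedirectToAction("SignIn", "User");
    }
}
```

If the domain must stay hard-coded for some reason, the same rule still applies: whatever Domain and Path the issuing code writes, the expiring cookie must carry exactly the same values, and a "parent.com" versus ".parent.com" difference is worth checking as well, since older user agents treated those as distinct.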


09-06 17:12