How do I delete the session cookie in ASP.NET 2010?

Posted 2024-10-15 22:34:48

I have an ASP.NET 2010 web app that uses the default membership controls. When I log in, the Login control on the Master reveals a Log out control. When I click that, it does redirect me to the Default page, but I notice that if I navigate back to an authenticated page, it lets me in. So I added the following code when the log out link is clicked to ensure the cookie is killed:

FormsAuthentication.SignOut()
Session.Abandon()

But I can still navigate to the authenticated page. It only stops me if I actually close the browser and reopen it.

Here is my web.config....

<authentication mode="Forms">
    <forms
        name=".ASPXAUTH"
        loginUrl="~/Account/Login.aspx"
        protection="All"
        timeout="2880"
        slidingExpiration="true"
        defaultUrl="~/Authenticated/User/UserHome.aspx"
    />
</authentication>

<membership>
    <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider"
             passwordFormat="Hashed"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="6"
             minRequiredNonalphanumericCharacters="0"
             passwordAttemptWindow="10"
             applicationName="/"/>
    </providers>
</membership>

<profile>
    <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
    </providers>
</profile>

<roleManager enabled="true">
    <providers>
        <clear />
        <add connectionStringName="ApplicationServices" applicationName="/"
             name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
        <add applicationName="/" name="AspNetWindowsTokenRoleProvider"
             type="System.Web.Security.WindowsTokenRoleProvider" />
    </providers>
</roleManager>

贵在坚持 2024-10-22 22:34:48

Try this:

Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddYears(-1);
FormsAuthentication.SignOut();
Session.Abandon();

// Now, forward to a safe unauthenticated page if SignOut() doesn't already do this.
Response.Redirect("/default.aspx");

This attempts to set the ASP.NET_SessionID cookie to expire immediately. The browser should remove it from its collection. I've not run this up in VS2010, so please take my typing with a grain of salt.

Let me know if this works for you.
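
An added example, not part of the original question or answer: a C# logout handler that combines the calls discussed above and also marks authenticated pages as non-cacheable, so the browser does not redisplay a stored copy after sign-out. The class names `Logout` and `AuthenticatedPage` are hypothetical, and the session cookie is assumed to use the default name `ASP.NET_SessionId` with path `/`.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for a dedicated logout page.
public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // SignOut() sends an expired copy of the forms cookie (".ASPXAUTH" in
        // the web.config above). It only tells the browser to drop the cookie:
        // the ticket inside it stays valid until its timeout (2880 minutes
        // here), so a shorter timeout limits how long a copied cookie works.
        FormsAuthentication.SignOut();

        // Discard server-side session state for the current session ID.
        Session.Abandon();

        // Expire the session cookie so the next request gets a fresh ID.
        // Assumption: default cookie name and path.
        var sessionCookie = new HttpCookie("ASP.NET_SessionId", string.Empty)
        {
            Path = "/",
            HttpOnly = true,
            Expires = DateTime.UtcNow.AddYears(-1)
        };
        Response.Cookies.Add(sessionCookie);

        // The expired cookies only reach the browser with this response, so
        // redirect afterwards; the next request is then unauthenticated.
        FormsAuthentication.RedirectToLoginPage();
    }
}

// Hypothetical base class for pages under ~/Authenticated/.
public class AuthenticatedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // Forbid caching, so Back after logout forces a new request that
        // forms authentication can reject.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
    }
}
```

To check the result, request an authenticated URL after logging out with the browser's network tools open: the response should be a redirect to `~/Account/Login.aspx` rather than a page served from cache.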
