如何删除 ASP.NET 2010 中的会话 cookie?
我有一个使用默认成员资格控件的 ASP.NET 2010 Web 应用程序。当我登录时,主服务器上的登录控件会显示注销控件。当我单击该按钮时,它确实会将我重定向到默认页面,但我注意到,如果我导航回经过身份验证的页面,它会让我进入。因此,当单击注销链接时,我添加了以下代码以确保 cookie 被终止,
FormsAuthentication.SignOut()
Session.Abandon()
但我仍然可以导航到经过身份验证的页面。只有当我真正关闭浏览器并重新打开它时,它才会阻止我。
这是我的 web.config...
<authentication mode="Forms">
<forms
name=".ASPXAUTH"
loginUrl="~/Account/Login.aspx"
protection="All"
timeout="2880"
slidingExpiration="true"
defaultUrl="~/Authenticated/User/UserHome.aspx"
/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
passwordFormat="Hashed"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ApplicationServices" applicationName="/"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
I have an ASP.NET 2010 web app that uses the default membership controls. When I log in, the Login control on the Master reveals a Log out control. When I click that, it does redirect me to Default page, but I notice that if I naviagte back to an authenticated page, it lets me in. So I added the following code when the log out link is clicked to ensure the cookie is killed,
FormsAuthentication.SignOut()
Session.Abandon()
But I can still navigate to the authenticated page. It only stops me if I actually close the browser and reopen it.
Here is my web.config....
<authentication mode="Forms">
<forms
name=".ASPXAUTH"
loginUrl="~/Account/Login.aspx"
protection="All"
timeout="2880"
slidingExpiration="true"
defaultUrl="~/Authenticated/User/UserHome.aspx"
/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
passwordFormat="Hashed"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ApplicationServices" applicationName="/"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
试试这个:
这会尝试将 ASP.NET_SessionID cookie 设置为立即过期。浏览器应该将其从集合中删除。我还没有在 VS2010 中运行过这个,所以请对我的打字持保留态度。
让我知道这是否适合您。
Try this:
This attempts to set the ASP.NET_SessionID cookie to expire immediately. The browser should remove it from its collection. I've not run this up in VS2010, so please take my typing with a grain of salt.
Let me know if this works for you.