Cookie is not deleted

Time: 2009-11-20 15:21:42

Tags: asp.net-mvc cookies

I am using the following code to set a cookie in my asp.net mvc (C#) application:

public static void SetValue(string key, string value, DateTime expires)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;

    HttpCookie cookie = new HttpCookie(key, value) { Expires = expires };
    _response.Cookies.Set(cookie);
}

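I need to delete the cookies when the user clicks logout. The cookie that was set is not removed/deleted when using Clear/Remove. The code is as follows: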

public static void Clear()
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;

    _request.Cookies.Clear();
    _response.Cookies.Clear();
}

public static void Remove(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;

    if (_request.Cookies[key] != null)
    {
        _request.Cookies.Remove(key);
    }
    if (_response.Cookies[key] != null)
    {
        _response.Cookies.Remove(key);
    }
}

I have tried both of the above functions, but the cookie still exists when I check for its existence.

public static bool Exists(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;
    return _request.Cookies[key] != null;
}

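What could be the problem here? Or what do I need to do to remove/delete the cookie?

6 answers:

Answer 0 (score: 53)

Clearing the cookies of the response doesn't instruct the browser to clear the cookie, it merely does not send the cookie back to the browser. To instruct the browser to clear the cookie you need to tell it the cookie has expired, e.g.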

public static void Clear(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _response = httpContext.Response;

    HttpCookie cookie = new HttpCookie(key) 
        { 
            Expires = DateTime.Now.AddDays(-1) // or any other time in the past
        };
    _response.Cookies.Set(cookie);
}

Answer 1 (score: 4)

Just to add something else, I also pass the value back as null, e.g.

    public static void RemoveCookie(string cookieName)
    {
        if (HttpContext.Current.Response.Cookies[cookieName] != null)
        {
            HttpContext.Current.Response.Cookies[cookieName].Value = null;
            HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddMonths(-1);
        }
    }

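Answer 2 (score: 4)

The Cookies collections in the Request and Response objects aren't proxies for the cookies in the browser; they are the set of cookies the browser sends you and the set you send back. If you remove a cookie from the request, that is entirely server side, and if you have no cookies in the response, you simply don't send anything back to the client, which won't change the set of cookies in the browser at all.

To delete a cookie, make sure that it is in the response cookie collection, but with an expiration time in the past.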

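Answer 3 (score: 3)

The best way to implement this is to use a tool like Reflector and see how the System.Web.Security.FormsAuthentication.SignOut method implements removing the authentication cookie.

In Reflector, open System.Web, navigate to the FormsAuthentication object and find the SignOut method. Right-click on it and select "Disassemble" (choose your language from the menu).

VB.NET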

Public Shared Sub SignOut()

    FormsAuthentication.Initialize

    Dim current As HttpContext = HttpContext.Current
    Dim flag As Boolean = current.CookielessHelper.DoesCookieValueExistInOriginal("F"c)
    current.CookielessHelper.SetCookieValue("F"c, Nothing)

    If (Not CookielessHelperClass.UseCookieless(current, False, FormsAuthentication.CookieMode) OrElse current.Request.Browser.Cookies) Then
        Dim str As String = String.Empty

        If (current.Request.Browser.Item("supportsEmptyStringInCookieValue") = "false") Then
            str = "NoCookie"
        End If

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, str)

        cookie.HttpOnly = True
        cookie.Path = FormsAuthentication._FormsCookiePath
        cookie.Expires = New DateTime(&H7CF, 10, 12)
        cookie.Secure = FormsAuthentication._RequireSSL

        If (Not FormsAuthentication._CookieDomain Is Nothing) Then
            cookie.Domain = FormsAuthentication._CookieDomain
        End If

        current.Response.Cookies.RemoveCookie(FormsAuthentication.FormsCookieName)
        current.Response.Cookies.Add(cookie)
    End If

    If flag Then
        current.Response.Redirect(FormsAuthentication.GetLoginPage(Nothing), False)
    End If

End Sub

Taking the above example, I was able to create a common method called RemoveCookie() in a shared assembly; the code is below:

VB.NET

''' <summary>
''' Method to remove a cookie
''' </summary>
''' <param name="key">Key</param>
''' <remarks></remarks>
Public Shared Sub RemoveCookie(ByVal key As String)

    ' Encode key for retrieval and remove cookie
    With HttpContext.Current
        Dim cookie As New HttpCookie(.Server.UrlEncode(key))

        If Not IsNothing(cookie) Then
            With cookie
                .HttpOnly = True
                .Expires = New DateTime(&H7CF, 10, 12)
            End With

            ' Remove from server (has no effect on client)
            .Response.Cookies.Remove(.Server.UrlEncode(key))
            ' Add expired cookie to client, effectively removing it
            .Response.Cookies.Add(cookie)
        End If

    End With

End Sub

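I tested this using FireBug and the Cookie add-in for FireBug (in FireFox), and I can attest that the cookie is removed immediately.

If you have any questions, feel free to message me.

Answer 4 (score: 1)

After playing around with this for some time and trying all of the other answers here, I discovered that none of the answers here are totally correct.

The part that is correct is that you have to send an expired cookie to effect the deletion. The part that nobody else picked up on (but which is demonstrated in the Microsoft code posted by Ed DeGagne) is that the cookie options for the deletion must match exactly the cookie options that were used to set the cookie in the first place.

For example, if you originally created the cookie with the HttpOnly option, then you must also set this option when deleting the cookie. I expect the exact behavior will vary across browsers and probably over time, so the only safe option that will work long-term is to make sure that all of the cookie options in the deletion response match exactly the cookie options originally used to create the cookie.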
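
An added example, not part of the original thread or of any answer: one way to keep the deleting cookie's attributes in step with those used at creation, written in C# against System.Web. `CookieSpec` and its members are hypothetical names; browsers identify a stored cookie by name, domain and path, so those are what the expiring Set-Cookie has to repeat.

```csharp
using System;
using System.Web;

// Added example: hypothetical helper, not code from the thread.
// A single definition per cookie drives both the Set-Cookie that creates it
// and the expired Set-Cookie that deletes it, so the two cannot drift apart.
public sealed class CookieSpec
{
    public string Name { get; set; }
    public string Path { get; set; }     // null falls back to "/" (HttpCookie's default)
    public string Domain { get; set; }   // null/empty = host-only cookie
    public bool Secure { get; set; }
    public bool HttpOnly { get; set; }

    private HttpCookie Build(string value, DateTime expires)
    {
        var cookie = new HttpCookie(Name, value)
        {
            Path = Path ?? "/",
            Secure = Secure,
            HttpOnly = HttpOnly,
            Expires = expires
        };
        if (!string.IsNullOrEmpty(Domain))
        {
            cookie.Domain = Domain;
        }
        return cookie;
    }

    // Call at login (or wherever the cookie is issued).
    public void Set(HttpResponseBase response, string value, DateTime expires)
    {
        response.Cookies.Set(Build(value, expires));
    }

    // Call at logout. The request's Cookie header carries only name=value,
    // so Path and Domain cannot be read back from Request.Cookies; they
    // have to come from this definition.
    public void Expire(HttpResponseBase response)
    {
        // Empty value plus a date in the past: the browser drops the stored
        // cookie whose name, domain and path match this Set-Cookie.
        response.Cookies.Set(Build(string.Empty, DateTime.Now.AddDays(-1)));
    }
}
```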

Answer 5 (score: 0)

Response.Cookies["key"].Expires = DateTime.Now;