我一直试图解决为什么WebSecurity.Logout()和Session.Abandon()并且没有杀死我的会话。我有一个托管在Web服务器上的应用程序,无法签署用户。在调试中,它已成功注销并按预期返回到登录页面。我刚刚为cookie添加了.Domain属性,以便在登录时可以访问其余的子域。我的cookie创建如下:
var authTicket = new FormsAuthenticationTicket(model.UserName, false, (int)FormsAuthentication.Timeout.TotalMinutes);
var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
//authCookie.Domain = "mysite.org"
authCookie.Domain = "127.0.0.1";
Response.AppendCookie(authCookie);
我发现了另一篇关于堆栈溢出的帖子,建议覆盖会话,即使我这样做了:
WebSecurity.Logout();
Session.Abandon();
//clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
//clear session cookie (not necessary for your current problem but i would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
有什么想法可以防止这种情况发生在调试中不会发生的网络服务器上?是否有其他形式的网络服务器cookie可以保留此会话?
答案 0 :(得分:2)
您也需要在清除Cookie时设置域名,否则只需在完整域级别设置新Cookie(www.mysite.org),而不是清除mysite.org Cookie。
//clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
cookie1.Domain = "mysite.org";
Response.Cookies.Add(cookie1);
//clear session cookie (not necessary for your current problem but i would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
cookie2.Domain = "mysite.org";
Response.Cookies.Add(cookie2);