How does the HttpApplication event flow relate to membership and cookies?

I tried Application_AuthenticateRequest() in my Global.asax to better understand the flow of events. I am using the membership provider that comes with the MVC2 application by default.

I thought that if I did this:

    public void Application_AuthenticateRequest(object sender, EventArgs args)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            // Set the cookie expires time in order to delete it
            authCookie.Expires = System.DateTime.Now.AddDays(-1);
            Response.Cookies.Add(authCookie);
        }
    }

the user could log in, but when the page loaded after submitting the login form they would be displayed as not logged in, since I had destroyed their cookie.

However, that is not what happens. Instead, they can successfully log in, and it shows that they are logged in when the page loads. On the next page they are logged out.

I thought I didn't destroy their cookie in time, so I put this code in Application_BeginRequest() inside my Global.asax. This gave the same results.

Does this mean that I still did not destroy their cookie in time, or do I misunderstand the flow of events?

+4
2 answers

Two cookie collections are used here: Request.Cookies and Response.Cookies.

Request.Cookies are the cookies that came from the browser for the current page. Most/all processes read from this collection.

Response.Cookies are the cookies that will be sent back to the browser. When you set the Expires value on the Response cookie, it must first return to the browser; the browser then sees that it has expired, and there will be no cookie on the next page.

You can try setting Request.Cookies, but I believe it is read-only.

+1
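The timeline this answer describes, as a simplified Python model added here (it is not ASP.NET code and not part of the original post). It treats authentication as a read of the request cookies only and replays the question's handler over three requests; the paths, ticket value and clock are constructed for illustration, and `.ASPXAUTH` is the default forms cookie name.

```python
from datetime import datetime, timedelta

AUTH = ".ASPXAUTH"  # default value of FormsAuthentication.FormsCookieName


class Browser:
    """Cookie jar that changes only after a response has come back."""

    def __init__(self):
        self.jar = {}  # name -> (value, expires)

    def send(self, server, path, now):
        # Request cookies: snapshot of the unexpired jar entries at send time.
        request_cookies = {n: v for n, (v, exp) in self.jar.items() if exp > now}
        authenticated, response_cookies = server(path, request_cookies, now)
        for name, (value, expires) in response_cookies.items():
            if expires <= now:
                self.jar.pop(name, None)  # an expired Set-Cookie deletes the entry
            else:
                self.jar[name] = (value, expires)
        return authenticated


def server(path, request_cookies, now):
    """One pass through a simplified pipeline: (authenticated, response cookies)."""
    response_cookies = {}
    # Authentication looks at the request collection only.
    authenticated = AUTH in request_cookies
    # The question's handler: echo the auth cookie back, already expired.
    if AUTH in request_cookies:
        response_cookies[AUTH] = (request_cookies[AUTH], now - timedelta(days=1))
    # Assumed login action: issues a fresh ticket later in the same request.
    if path == "/Account/LogOn":
        response_cookies[AUTH] = ("ticket", now + timedelta(minutes=30))
    return authenticated, response_cookies


def run_scenario():
    browser, start = Browser(), datetime(2024, 1, 1, 12, 0)  # constructed clock
    paths = ["/Account/LogOn", "/Home/Index", "/Home/About"]  # constructed paths
    return [browser.send(server, p, start + timedelta(seconds=i))
            for i, p in enumerate(paths)]


if __name__ == "__main__":
    print(run_scenario())
```

The second request is still authenticated because its cookie was already in the request when the handler ran; the expiry only reaches the browser with that response, so the third request is the first one sent without the cookie.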

Use FormsAuthentication.SignOut(). This is the preferred way to log out an authenticated user.

0

Source: https://habr.com/ru/post/1334803/

