All geek questions in one place

Unable to log out after specifying the "domain" parameter in the "authentication" web.config

I have an exit handler that worked fine:

public void ProcessRequest(HttpContext context) { //// Sign out System.Web.Security.FormsAuthentication.SignOut(); //// Clear Session if (context.Session != null) { context.Session.Clear(); } /// Expire all the cookies so browser visits us as a brand new user List<string> cookiesToClear = new List<string>(); foreach (string cookieName in context.Request.Cookies) { HttpCookie cookie = context.Request.Cookies[cookieName]; cookiesToClear.Add(cookie.Name); } foreach (string name in cookiesToClear) { HttpCookie cookie = new HttpCookie(name, string.Empty); cookie.Expires = DateTime.Today.AddYears(-1); context.Response.Cookies.Set(cookie); } context.Response.Redirect("~/default.aspx"); } }

As soon as I added the "domain" parameter to the authentication section of web.config:

  <forms timeout="50000000" loginUrl="~/login" domain='mysite.com'/>

... he no longer registers the user - after redirecting to "~ / default.aspx" I still see that the user is logged in (I set a breakpoint to load the events of this page and check HttpContext.Current.User.Identity.IsAuthenticated , and its value is true).

Then I delete "domain = 'mysite.com" and logs the user in without problems.

I need to specify a domain because I added a subdomain with my own application, but I want it to share a cookie cookie.

Any ideas are welcome!

+4
source share
2 answers

When I update cookies before they expire, I need to specify the domain:

 cookie.Domain = FormsAuthentication.CookieDomain;

This solves the problem.

+1
source

Please specify domain =".mysite.com"

0
source

Source: https://habr.com/ru/post/1344716/

More articles:


All Articles