How to remove authentication cookie

I am developing an ASP.NET MVC application. In the latest version I made some changes to save additional information in cookies. A few of my clients still use the old version. Is there a way to expire the existing cookies of my existing clients and force them to log in again when connecting to my new application hosted on IIS?

Thanks,

+4
3 answers

You can use the static SignOut method:

FormsAuthentication.SignOut(); 

This will delete the authentication cookie, and subsequent requests will not be authenticated. I emphasized the word "subsequent" because after calling this method you have to redirect.

+17

I gave a new name to my cookie in web.config and this seems to solve my problem:

  <forms loginUrl="~/Account/LogOn" name="InsightWebMobileCookie2" timeout="10000" slidingExpiration="true" /> 
+4

The problem here is that you cannot read the expiration date of the cookie, so you cannot tell from the cookies which users are the old ones.

So your options are:

  • If you can find out which are the "old" versions, you have the logic to expire their cookie.
  • Force a logout once if they don't have a cookie named VersionLogout. After forcing the logout, set a cookie named "VersionLogout" with a value of 1.2, for example, so you know that you have forced a logout for a specific version, and they will not be asked again in the future.

You put this code in the Application_AuthenticateRequest event in global.asax. At this point, the user is authenticated, so you can check their cookie.

+1
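
The one-time forced logout described in the answer above, as an added example that is not part of the original answer or the asker's project. The class name MvcApplication, the constant names and the one-year marker lifetime are assumptions; the cookie name "VersionLogout" and the value 1.2 are the answer's own example.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Global.asax.cs (class name is an assumption; use your application's class)
public class MvcApplication : HttpApplication
{
    // Marker cookie from the answer; bump the value for each release
    // that must invalidate sessions created by earlier releases.
    private const string MarkerCookieName = "VersionLogout";
    private const string RequiredVersion = "1.2";

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Only authenticated requests carry a forms ticket worth checking.
        // Anonymous requests (including the login page) pass straight through,
        // which is what prevents a redirect loop after SignOut.
        if (!Request.IsAuthenticated)
            return;

        // Request.Cookies returns null when the browser did not send the cookie.
        HttpCookie marker = Request.Cookies[MarkerCookieName];
        if (marker != null && marker.Value == RequiredVersion)
            return; // already forced out once for this version

        // Expire the forms authentication cookie issued by the old version.
        FormsAuthentication.SignOut();

        // Record that this browser has been through the forced logout.
        // A browser that refuses this cookie is signed out on every request.
        Response.Cookies.Add(new HttpCookie(MarkerCookieName, RequiredVersion)
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Expires = DateTime.Now.AddYears(1)
        });

        // SignOut only affects subsequent requests, so redirect now.
        // RedirectToLoginPage does not end the request; CompleteRequest
        // skips the rest of the pipeline so no handler runs as the old user.
        FormsAuthentication.RedirectToLoginPage();
        CompleteRequest();
    }
}
```

The marker cookie is sent by the browser and is not signed, so it only tracks which clients have been prompted and does not make old tickets invalid. Renaming the forms cookie in web.config, as in the second answer, makes the server ignore old tickets regardless of what the client sends.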

Source: https://habr.com/ru/post/1390642/

