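Most likely the problem you are experiencing is related to the cookie domain. The cookie may be written to `"." + FormsAuthentication.CookieDomain`. I had previously set the cookie domain to "admin.example.com" and have seen the cookie prefixed with a `.`. In development environments it is written to `localhost`.

The solution I used was to add two cookies for each of the authentication cookie and the session cookie.

So the solution I use is the following: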
```csharp
// Requires: using System; using System.Web; using System.Web.Security;
protected void SignOut(HttpContext Context)
{
    FormsAuthentication.SignOut();
    Context.Session.Abandon();

    // clear authentication cookie (domain without a leading dot)
    Context.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName)
    {
        Path = FormsAuthentication.FormsCookiePath,
        Value = "",
        Domain = (Convert.ToString(FormsAuthentication.CookieDomain).Length > 0) ? Convert.ToString(FormsAuthentication.CookieDomain) : Context.Request.Url.Host,
        HttpOnly = true,
        Expires = DateTime.Now.AddYears(-1)
    });
    // clear authentication cookie (domain with a leading dot)
    Context.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName)
    {
        Path = FormsAuthentication.FormsCookiePath,
        Value = "",
        Domain = (Convert.ToString(FormsAuthentication.CookieDomain).Length > 0) ? "." + Convert.ToString(FormsAuthentication.CookieDomain) : "." + Context.Request.Url.Host,
        HttpOnly = true,
        Expires = DateTime.Now.AddYears(-1)
    });

    // clear session cookie (not necessary for the current problem but recommended anyway)
    Context.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId")
    {
        Path = FormsAuthentication.FormsCookiePath,
        Value = "",
        Domain = (Convert.ToString(FormsAuthentication.CookieDomain).Length > 0) ? Convert.ToString(FormsAuthentication.CookieDomain) : Context.Request.Url.Host,
        HttpOnly = true,
        Expires = DateTime.Now.AddYears(-1)
    });
    Context.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId")
    {
        Path = FormsAuthentication.FormsCookiePath,
        Value = "",
        Domain = (Convert.ToString(FormsAuthentication.CookieDomain).Length > 0) ? "." + Convert.ToString(FormsAuthentication.CookieDomain) : "." + Context.Request.Url.Host,
        HttpOnly = true,
        Expires = DateTime.Now.AddYears(-1)
    });

    FormsAuthentication.RedirectToLoginPage();
}
```
This call results in the following headers being added to the response:

```
Location: /Login.aspx?ReturnUrl=Default.aspx
Set-Cookie: ****=; expires=Tue, 12-Oct-1999 05:00:00 GMT; path=/; HttpOnly
Set-Cookie: ****=; domain=admin.example.com; expires=Wed, 23-Apr-2014 18:04:58 GMT; path=/; HttpOnly
Set-Cookie: ****=; domain=.admin.example.com; expires=Wed, 23-Apr-2014 18:04:58 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=; domain=admin.example.com; expires=Wed, 23-Apr-2014 18:04:58 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=; domain=.admin.example.com; expires=Wed, 23-Apr-2014 18:04:58 GMT; path=/; HttpOnly
```

where `****` is the name of my cookie containing my encrypted authentication ticket value. Note that the first `Set-Cookie` is most likely generated by the `FormsAuthentication.SignOut()` method call.
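A common problem is that a cookie is set in one context and an attempt is made to delete it from another. For example, ensure that the Path and Domain attributes on the deleting Set-Cookie header exactly match the Path and Domain attributes in the original Set-Cookie call. – EricLaw 2010-12-08 14:23:11

Unfortunately, as I said, I have no control over this. I call FormsAuthentication.RedirectFromLogin to set the cookie and call the web service LogOut method. – R4cOON 2010-12-08 15:22:31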
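
The matching rule discussed above, as an added example that is not part of the original answer or comments: a simplified model of a browser cookie store, showing that an expiring `Set-Cookie` only removes the stored cookie whose name, domain, host-only flag and path are identical. The cookie name `AUTH`, the sample headers and the function names are constructed for this example, and the default path is simplified to `/`.

```javascript
// Added example: simplified browser cookie store. A cookie's identity is
// name + domain + host-only flag + path (RFC 6265bis storage model).
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: requestHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: bound to the exact request host
    path: "/", // simplification: the real default path derives from the request URL
    expires: null,
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase(); // RFC 6265 drops a leading dot
      cookie.hostOnly = false;
    } else if (key === "path" && val.startsWith("/")) {
      cookie.path = val;
    } else if (key === "expires") {
      cookie.expires = Date.parse(val.replace(/-/g, " ")); // accept "23-Apr-2014" style dates
    }
  }
  return cookie;
}

function applySetCookie(jar, header, requestHost, now = Date.now()) {
  const c = parseSetCookie(header, requestHost);
  const key = [c.name, c.domain, c.hostOnly, c.path].join("|");
  // An expired Set-Cookie evicts only the stored cookie with the identical key.
  if (c.expires !== null && c.expires <= now) jar.delete(key);
  else jar.set(key, c);
}

// Returns the cookies still stored after the login and then the logout responses.
function survivingCookies(loginHeaders, logoutHeaders, requestHost) {
  const jar = new Map();
  for (const h of [...loginHeaders, ...logoutHeaders]) applySetCookie(jar, h, requestHost);
  return [...jar.values()].map((c) => `${c.name}@${c.hostOnly ? "" : "."}${c.domain}${c.path}`);
}

// Constructed sample headers (cookie name AUTH and its value are placeholders).
const login = ["AUTH=ticket; domain=admin.example.com; path=/; HttpOnly"];
const hostOnlyExpiry = ["AUTH=; expires=Tue, 12-Oct-1999 05:00:00 GMT; path=/; HttpOnly"];
const domainExpiry = ["AUTH=; domain=.admin.example.com; expires=Tue, 12-Oct-1999 05:00:00 GMT; path=/; HttpOnly"];
console.log(survivingCookies(login, hostOnlyExpiry, "admin.example.com")); // [ 'AUTH@.admin.example.com/' ]
console.log(survivingCookies(login, domainExpiry, "admin.example.com")); // []
```

In this model `admin.example.com` and `.admin.example.com` name the same cookie domain, so the case that leaves a cookie behind is an expiry sent without a Domain attribute (or with a different Path) for a cookie that was set with one.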