If someone logs in on a pc from Starbucks (for example开发者_JAVA百科) and they accidentally check the 'remember me' option thereby setting a persistent cookie on that pc, is there any way of denying that cookie from the server without resorting to changing the cookie name in web.config?
I solved this (a while back actually) by setting a machineKey in web.config & changing it when the username/password is changed:
Sub ChangeMachineKey()
Dim commandLineArgs As String() = System.Environment.GetCommandLineArgs()
Dim decryptionKey As String = CreateMachineKey(64)
Dim validationKey As String = CreateMachineKey(128)
'HttpContext.Current.Response.Write(decryptionKey + "<br />" + validationKey + "<hr />")
Dim filename As String = HttpContext.Current.Server.MapPath("~/Web.config")
Dim XmlReader As XmlTextReader = New XmlTextReader(filename)
Dim xDoc As XmlDocument = New XmlDocument()
xDoc.Load(XmlReader)
XmlReader.Close()
Dim Node As System.Xml.XmlNode = xDoc.SelectSingleNode("//configuration/system.web/machineKey")
Node.Attributes.GetNamedItem("validationKey").Value = validationKey
Node.Attributes.GetNamedItem("decryptionKey").Value = decryptionKey
xDoc.Save(filename)
End Sub
Public Shared Function CreateMachineKey(ByVal numBytes As Integer) As String
Dim Random As Byte() = New Byte(numBytes / 2 - 1) {}
Dim rng As New RNGCryptoServiceProvider()
rng.GetBytes(Random)
Dim machineKey As New System.Text.StringBuilder(numBytes)
Dim i As Integer = 0
Do While i < Random.Length
machineKey.Append(String.Format("{0:X2}", Random(i)))
i += 1
Loop
Return machineKey.ToString()
End Function
This forces everyone to sign in again but since there is only one admin account it works perfectly for me!
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论