How do I manually remove a cookie that was set by a subdomain for asp.net authentication?
The cookie was set on setter.test.com
;
<authentication mode="Forms">
<forms domain="test.com" loginUrl="Default.aspx" protection="All" path="/" requireSSL="false" timeout="45" name=".ASPXAUTH" slidingExpiration="true" defaultUrl="Default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects=开发者_StackOverflow"false"/>
</authentication>
In my application at getter.test.com
, this is my code for logging out (removing that cookie):
public ActionResult LogOut()
{
//Manually remove the cookie created by 3rd party authentication
if (Request.Cookies[".ASPXAUTH"] != null)
{
HttpCookie myCookie = new HttpCookie(".ASPXAUTH");
myCookie.Expires = DateTime.Now.AddDays(-1d);
Response.Cookies.Add(myCookie);
}
}
This does not work.
One small change and you should be set to go.
public ActionResult LogOut()
{
//Manually remove the cookie created by 3rd party authentication
if (Request.Cookies[".ASPXAUTH"] != null)
{
HttpCookie myCookie = new HttpCookie(".ASPXAUTH");
myCookie.Expires = DateTime.Now.AddDays(-1d);
myCookie.Domain = "test.com";
Response.Cookies.Add(myCookie);
}
}
You have to be sure that the domain is set the same on both.
Since you can only have one cookie by that name, regardless of the domain, I think that the recommended way to do this is:
FormsAuthentication.SignOut();
See http://support.microsoft.com/kb/910443
精彩评论