Clear/Delete Cookies when user leaves page.


Problem description

Hi All,

I have a web application that has login and logout pages. The issue I am facing is that after the user logs in successfully, rather than clicking logout, the user clicks the home button on the IE menu bar and then goes back to my site, and that user's credential is still stored in the cookie. Does anyone know the best way to clear out the user cookie?


Thanks
DocHoliday

Recommended answer

You store user credentials and authentication details in a cookie?
You shouldn't. Instead use sessions for the same.

Cookies are a client-side state management technique and not good from a security perspective for storing those details. Sessions are generally a suitable option for it.



Thanks for your reply,
I am checking the user's credentials using LDAP and the code I used is below. Can you give me an example of how I can modify this to use session instead?

Thanks in advance for your help.
DocHoliday.

<pre lang="vb">Protected Sub AutenicateUser(ByVal DomainName As String, ByVal UserName As String, ByVal Password As String)


        Dim adPath As String = ConfigurationManager.AppSettings("LDAP_ROOT")

        Dim adAuth As New UserAuthenticationValation.ActiveDirectorAuthentication(adPath)
        Try
            If True = adAuth.IsAuthenticated(DomainName, UserName, Password) Then
                Dim groups As String = adAuth.GetGroups(DomainName, UserName, Password)

                'Create the ticket, and add the groups.
                Dim isCookiePersistent As Boolean = chkPersist.Checked
                Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
                     txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)

                'Encrypt the ticket.
                Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)

                'Create a cookie, and then add the encrypted ticket to the cookie as data.
                authCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
                If (isCookiePersistent = True) Then
                    authCookie.Expires = authTicket.Expiration
                End If
                'Add the cookie to the outgoing cookies collection.
                Response.Cookies.Add(authCookie)

                Dim Subgroups As String() = groups.Split(New Char() {"|"c})
                Dim GroupName As String
                For Each GroupName In Subgroups
                    If GroupName = mstrValidateGroup Then
                        mbValidationFail = True
                        Exit For
                    End If
                Next
                'You can redirect now.
                If mbValidationFail = True Then
                    Session("User_id") = UserName
                    mstrUserID = UserName
                    Response.Redirect("Default.aspx")
                Else
                    lblError.Text = "At this time, you do not have access to this application." & "<BR> If you feel you have received this message in error, please contact the helpdesk @ 368-3375."

                End If
            Else
                lblError.Text = "Authentication did not succeed. Check user name and password."

            End If

        Catch ex As Exception
            lblError.Text = "Error authenticating. " & ex.Message
            lblError.Visible = True
        End Try

    End Sub



End Class
</pre>
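
Added example (not part of the original thread and not the poster's code): one way to keep the group list in server-side session state, issue only a short-lived, non-persistent ticket cookie, and clear both on sign-out. The server cannot observe a user navigating away, so the lifetime limit and the explicit sign-out do the work. The module and method names, the 15-minute lifetime and the HTTPS assumption are choices made for this example.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Hypothetical helper module; call it from the login page and the logout page.
Public Module AuthSessionHelper

    ' Call after adAuth.IsAuthenticated(...) has succeeded and the groups were loaded.
    Public Sub SignIn(ByVal ctx As HttpContext, ByVal userName As String, ByVal groups As String)
        ' Group membership stays on the server; the browser never receives it.
        ctx.Session("User_id") = userName
        ctx.Session("Groups") = groups

        ' Non-persistent ticket, empty UserData, short lifetime (15 minutes is an assumed value).
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(15), False, String.Empty)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
            FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True          ' not readable from client-side script
        cookie.Secure = True            ' assumes the site is served over HTTPS
        cookie.Path = FormsAuthentication.FormsCookiePath
        ' Expires is left unset, so the browser drops the cookie when it closes.
        ctx.Response.Cookies.Add(cookie)
    End Sub

    ' Call from the logout page, and whenever the session is found to be missing.
    Public Sub SignOut(ByVal ctx As HttpContext)
        FormsAuthentication.SignOut()   ' sends an expired forms-authentication cookie
        ctx.Session.Clear()
        ctx.Session.Abandon()           ' discards the server-side session state
        ' Expire the session id cookie so the next login starts with a new id.
        Dim sid As New HttpCookie("ASP.NET_SessionId", String.Empty)
        sid.Expires = DateTime.Now.AddYears(-1)
        ctx.Response.Cookies.Add(sid)
    End Sub

    ' Call from Page_Load of protected pages; returns False when the caller should redirect to login.
    Public Function RequireSession(ByVal ctx As HttpContext) As Boolean
        ' Keep protected pages out of the browser cache and the Back button history.
        ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache)
        ctx.Response.Cache.SetNoStore()
        If ctx.Session("User_id") Is Nothing Then
            SignOut(ctx)
            Return False
        End If
        Return True
    End Function
End Module
```

The idle timeout of the server-side session is set separately, with the `timeout` attribute of `<sessionState>` in web.config.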





