Clear/Delete Cookies when user leaves page.
Problem description
Hi All,
I have a web application that has a login and logout page. The issue I am facing is that after the user logs in successfully, rather than clicking logout the user clicks the home button on the IE menu bar and then goes back to my site, and that user's credential is still stored in the cookie. Does anyone know the best way to clear out the user cookie?
Thanks
DocHoliday
Recommended answer
You store user credentials and authentication details in a cookie?
You shouldn't. Instead use sessions for the same.
Cookies are a client-side state management technique and not good from a security perspective for storing those details. Sessions are generally a suitable option for it.
Thanks for your reply,
I am checking the user's credential using LDAP with the code below. Can you give me an example of how I can modify this to use session instead?
Thanks in advance for your help.
DocHoliday.
<pre lang="vb">Protected Sub AutenicateUser(ByVal DomainName As String, ByVal UserName As String, ByVal Password As String)
    Dim adPath As String = ConfigurationManager.AppSettings("LDAP_ROOT")
    Dim adAuth As New UserAuthenticationValation.ActiveDirectorAuthentication(adPath)
    Try
        If True = adAuth.IsAuthenticated(DomainName, UserName, Password) Then
            Dim groups As String = adAuth.GetGroups(DomainName, UserName, Password)
            'Create the ticket, and add the groups.
            Dim isCookiePersistent As Boolean = chkPersist.Checked
            Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
                txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)
            'Encrypt the ticket.
            Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
            'Create a cookie, and then add the encrypted ticket to the cookie as data.
            authCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            If (isCookiePersistent = True) Then
                authCookie.Expires = authTicket.Expiration
            End If
            'Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie)
            Dim Subgroups As String() = groups.Split(New Char() {"|"c})
            Dim GroupName As String
            For Each GroupName In Subgroups
                If GroupName = mstrValidateGroup Then
                    mbValidationFail = True
                    Exit For
                End If
            Next
            'You can redirect now.
            If mbValidationFail = True Then
                Session("User_id") = UserName
                mstrUserID = UserName
                Response.Redirect("Default.aspx")
            Else
                lblError.Text = "At this time, you do not have access to this application." & "<BR> If you feel you have received this message in error, please contact the helpdesk @ 368-3375."
            End If
        Else
            lblError.Text = "Authentication did not succeed. Check user name and password."
        End If
    Catch ex As Exception
        lblError.Text = "Error authenticating. " & ex.Message
        lblError.Visible = True
    End Try
End Sub
End Class
</pre>
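An added example, not part of the original thread or the asker's code: one way to handle both ends of the problem with ASP.NET forms authentication, issuing the ticket as a non-persistent cookie at login and clearing the cookie and session state at logout. The module name `SessionAuth`, its member names and the `lifetimeMinutes` parameter are assumptions; the server is not notified when a user navigates away, so the ticket lifetime is what bounds an abandoned login.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example; SessionAuth and its member names are hypothetical.
Public Module SessionAuth

    ' Login side: build the ticket cookie as a browser-session cookie.
    ' No Expires is set, so the browser discards it when it closes; until then
    ' the ticket lifetime (lifetimeMinutes, an assumed parameter) is the limit.
    Public Function BuildAuthCookie(ByVal userName As String, ByVal groups As String, _
                                    ByVal lifetimeMinutes As Integer) As HttpCookie
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(lifetimeMinutes), False, groups)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        ' Not readable from client script.
        cookie.HttpOnly = True
        ' Follows the <forms requireSSL="..."> setting in web.config.
        cookie.Secure = FormsAuthentication.RequireSSL
        cookie.Path = FormsAuthentication.FormsCookiePath
        Return cookie
    End Function

    ' Logout side: call from the logout page or button handler.
    Public Sub EndUserSession(ByVal ctx As HttpContext)
        ' Drop server-side state such as Session("User_id").
        If ctx.Session IsNot Nothing Then
            ctx.Session.Clear()
            ctx.Session.Abandon()
        End If

        ' Sends an already-expired forms-authentication cookie to the browser.
        ' The ticket itself stays valid until its expiration, so keep it short.
        FormsAuthentication.SignOut()

        ' Expire the session-id cookie too. "ASP.NET_SessionId" is the default
        ' name; change it if <sessionState cookieName="..."> is configured.
        Dim sid As New HttpCookie("ASP.NET_SessionId", String.Empty)
        sid.HttpOnly = True
        sid.Expires = DateTime.UtcNow.AddDays(-1)
        ctx.Response.Cookies.Add(sid)

        FormsAuthentication.RedirectToLoginPage()
    End Sub

End Module
```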