过期所有表单身份验证cookie [英] Expire all forms authentication cookies

问题描述

我有一个约有10个成员的小型网站.现在已禁止其中5个.

I have a small website with about 10 members. 5 of those are now banned.

我确保他们无法通过登录页面登录.

I have ensured that they cannot login through the login page.

但是，由于身份验证cookie是持久性的，并且设置为在返回站点几个月后过期，因此它们仍将登录.

However because the authentication cookie is persistent and is set to expire after a few months if they return to the site they will still be logged in.

一个简单的解决方案是使所有身份验证票证/cookie失效.

A simple solution is just to expire all authentication tickets/cookies.

该怎么做?

推荐答案

如果您对使 all 用户的cookie无效感到满意，那么您可以像这样在web.config中重命名表单身份验证cookie. :

If you are happy with invalidating cookies for all users then you could just rename the forms authentication cookie in the web.config like so:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" name=".ASPXAUTH2"/>
</authentication>

这将强制所有用户再次登录-然后您可以使用上述技术来确保不允许您被禁的用户登录.

This will force all users to login in again - and then you can use the techniques mentioned above to ensure that your banned users aren't allowed to log in.

注意，默认cookie名称是.ASPXAUTH.上面的代码将其重命名为.ASPXAUTH2.我可以用这种方法想到的唯一问题是，如果您有一些专门查找.ASPXAUTH cookie的代码.

NB the default cookie name is .ASPXAUTH. The code above renames it to .ASPXAUTH2. The only problem I can think of with this approach is if you have some code which specifically looks for the .ASPXAUTH cookie.

这篇关于过期所有表单身份验证cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！