过期所有表单身份验证cookie [英] Expire all forms authentication cookies
问题描述
我有一个约有10个成员的小型网站.现在已禁止其中5个.
I have a small website with about 10 members. 5 of those are now banned.
我确保他们无法通过登录页面登录.
I have ensured that they cannot login through the login page.
但是,由于身份验证cookie是持久性的,并且设置为在返回站点几个月后过期,因此它们仍将登录.
However because the authentication cookie is persistent and is set to expire after a few months if they return to the site they will still be logged in.
一个简单的解决方案是使所有身份验证票证/cookie失效.
A simple solution is just to expire all authentication tickets/cookies.
该怎么做?
推荐答案
如果您对使 all 用户的cookie无效感到满意,那么您可以像这样在web.config中重命名表单身份验证cookie. :
If you are happy with invalidating cookies for all users then you could just rename the forms authentication cookie in the web.config like so:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" name=".ASPXAUTH2"/>
</authentication>
这将强制所有用户再次登录-然后您可以使用上述技术来确保不允许您被禁的用户登录.
This will force all users to login in again - and then you can use the techniques mentioned above to ensure that your banned users aren't allowed to log in.
注意,默认cookie名称是.ASPXAUTH.上面的代码将其重命名为.ASPXAUTH2.我可以用这种方法想到的唯一问题是,如果您有一些专门查找.ASPXAUTH cookie的代码.
NB the default cookie name is .ASPXAUTH. The code above renames it to .ASPXAUTH2. The only problem I can think of with this approach is if you have some code which specifically looks for the .ASPXAUTH cookie.
这篇关于过期所有表单身份验证cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!