我如何注销用户时,他们关闭自己的ASP.NET MVC中的浏览器或标签? [英] How do I log a user out when they close their browser or tab in ASP.NET MVC?
问题描述
我需要注销用户,当用户关闭选项卡或浏览器,我该怎么做,在ASP.NET MVC?
有几件事情可以做,以确保用户签订出来的时候,浏览器被关闭,但它取决于你如何设置FormsAuthentication饼干:
- 使用
无Cookie = TRUE。 - 设置一个的FormsAuthenticationTicket不具有持久性
- 使用
FormsAuthentication.SetAuthCookie设置余辉假 - 使用一个JavaScript的方法来去除
window.unload饼干。
无Cookie = TRUE 办法:
<&的System.Web GT;
<身份验证模式=表格>
<形式loginUrl =/帐号/登录
保护=全部
无Cookie =真//设置为true
< /认证>
< /system.web>
这追加的cookie值在每个请求的查询字符串。这种方法的问题是,它不是很安全,它与SEO食堂。如果用户发送任何他们所使用的URL,这个人可以作为原始用户登录(可能不是你想要的)。至于与SEO搞乱,它会导致同样的页面,根据传递哪些URL看起来不同的Googlebot每个查询字符串的改变使得它一个新的URL,如果有人使用此张贴的链接。它会淡化搜索结果对于给定的实际的URL。
的FormsAuthenticationTicket 办法
当您设置用户身份验证Cookie,persistent设置为假。
如果您在 FormsAuthentication.SetAuthCookie ,这是默认这样做。如果您使用的FormsAuthenticationTicket 类,你必须指定cookie过期。
的FormsAuthenticationTicket票=新的FormsAuthenticationTicket(
1,//版本
嗒嗒,// Cookie名称);
FormsAuthentication.SetAuthCookie()办法
在默认情况下,如果没有设置永久,身份验证cookie将在会议结束时(当用户关闭浏览器)失效。
FormsAuthentication.SetAuthCookie(CookieValue,FALSE); //第二个参数是老大难
JavaScript方式:
有没有万无一失的方法;所有你能做的就是设置cookie到期日之前,现在,并希望用户的浏览器协同工作。如果你真的,真的,真的,想要的饼干走了,你可以尝试一个JavaScript的方法,但如果用户禁用JavaScript。这是行不通的。
window.addEventListener('卸载',函数(事件){
的document.cookie =名称+'=;过期=星期四,01 1 1970 00:00:01 GMT;';
});
其他注意事项
这也很重要,你使用的浏览器。铬有在后台运行,保持会话Cookie周围,直到他们的超时被击中的能力, - - 当浏览器关闭他们没有下降(我发现这个硬盘的方式)
。I need to sign out a user when the user closed the tab or browser, how do I do that in ASP.NET MVC?
There are a few things you can do to make sure the user is signed out when the browser is closed, but it depends on how you're setting the FormsAuthentication cookie:
- Use
Cookieless=True. - Set a FormsAuthenticationTicket to not be persistent
- Use
FormsAuthentication.SetAuthCookieto set Persistence tofalse - Use a JavaScript approach to remove the cookie on
window.unload.
Cookieless=True approach:
<system.web>
<authentication mode="Forms">
<forms loginUrl="/Account/Login"
protection="All"
cookieless="true" //set to true
</authentication>
</system.web>
This appends the cookie value to the querystring in each request. The problem with this approach is it's not very secure and it messes with SEO. If a user sends anyone the URL they're using, that person can log in as the original user (probably not what you want). As far as 'messing with SEO', it causes the same page to look different to a googlebot based on what URL is passed in. Each QueryString change makes it a new URL, and if anyone uses this for posting a link; it will dilute the search results for a given actual URL.
FormsAuthenticationTicket Approach
When you set an Authentication cookie for the user, set Persistent to False.
If you're doing this in the FormsAuthentication.SetAuthCookie, this is default. If you use the FormsAuthenticationTicket class, you have to specify the cookie expiration.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, //version
"blah", //Cookie Name
);
FormsAuthentication.SetAuthCookie() Approach
By default, if you don't set persistent, the authentication cookie will expire at the end of the session (when the user closes the browser).
FormsAuthentication.SetAuthCookie("CookieValue", false); //second argument is persistent'
JavaScript approach:
There are no foolproof methods; all you can do is set the cookie expiration date to before now and hope the user's browser co-operates. If you really, really, really, want the cookie gone, you can always try a JavaScript approach, but that won't work if the user has JavaScript disabled.
window.addEventListener('unload', function(event) {
document.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
});
Other caveats
It also matters which browser you use. Chrome has the ability to run in the background, and that keeps Session Cookies around until their timeout is hit -- they are not dropped when the browser is closed (I found this out the hard way).
这篇关于我如何注销用户时,他们关闭自己的ASP.NET MVC中的浏览器或标签?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
