当用户在 ASP.NET MVC 中关闭浏览器或选项卡时,如何注销用户? [英] How do I log a user out when they close their browser or tab in ASP.NET MVC?
问题描述
当用户关闭选项卡或浏览器时,我需要注销用户,我该如何在 ASP.NET MVC 中执行此操作?
I need to sign out a user when the user closed the tab or browser, how do I do that in ASP.NET MVC?
推荐答案
您可以采取一些措施来确保在浏览器关闭时用户已注销,但这取决于您如何设置 FormsAuthentication饼干:
There are a few things you can do to make sure the user is signed out when the browser is closed, but it depends on how you're setting the FormsAuthentication cookie:
- 使用
Cookieless=True. - 将 FormsAuthenticationTicket 设置为非持久性
- 使用
FormsAuthentication.SetAuthCookie将 Persistence 设置为false - 使用 JavaScript 方法删除
window.unload上的 cookie.
- Use
Cookieless=True. - Set a FormsAuthenticationTicket to not be persistent
- Use
FormsAuthentication.SetAuthCookieto set Persistence tofalse - Use a JavaScript approach to remove the cookie on
window.unload.
Cookieless=True 方法:
<system.web>
<authentication mode="Forms">
<forms loginUrl="/Account/Login"
protection="All"
cookieless="true" //set to true
</authentication>
</system.web>
这会将 cookie 值附加到每个请求中的查询字符串.这种方法的问题是它不是很安全,而且会干扰 SEO.如果用户将他们正在使用的 URL 发送给任何人,则该人可以以原始用户身份登录(可能不是您想要的).至于搞乱 SEO",它会根据传入的 URL 使同一页面看起来与 googlebot 不同.每次 QueryString 更改都会使其成为一个新 URL,如果有人使用它来发布链接;它会稀释给定实际 URL 的搜索结果.
This appends the cookie value to the querystring in each request. The problem with this approach is it's not very secure and it messes with SEO. If a user sends anyone the URL they're using, that person can log in as the original user (probably not what you want). As far as 'messing with SEO', it causes the same page to look different to a googlebot based on what URL is passed in. Each QueryString change makes it a new URL, and if anyone uses this for posting a link; it will dilute the search results for a given actual URL.
当您为用户设置身份验证 cookie 时,请将 Persistent 设置为 False.
When you set an Authentication cookie for the user, set Persistent to False.
如果您在 FormsAuthentication.SetAuthCookie 中执行此操作,则这是默认设置.如果您使用 FormsAuthenticationTicket 类,则必须指定 cookie 过期时间.
If you're doing this in the FormsAuthentication.SetAuthCookie, this is default. If you use the FormsAuthenticationTicket class, you have to specify the cookie expiration.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, //version
"blah", //Cookie Name
);
FormsAuthentication.SetAuthCookie() 方法
默认情况下,如果不设置persistent,身份验证cookie将在会话结束时(当用户关闭浏览器时)过期.
FormsAuthentication.SetAuthCookie() Approach
By default, if you don't set persistent, the authentication cookie will expire at the end of the session (when the user closes the browser).
FormsAuthentication.SetAuthCookie("CookieValue", false); //second argument is persistent'
JavaScript 方法:
没有万无一失的方法;您所能做的就是将 cookie 到期日期设置为现在之前,并希望用户的浏览器配合.如果您真的、真的、真的希望 cookie 消失,您可以随时尝试使用 JavaScript 方法,但如果用户禁用了 JavaScript,那将不起作用.
JavaScript approach:
There are no foolproof methods; all you can do is set the cookie expiration date to before now and hope the user's browser co-operates. If you really, really, really, want the cookie gone, you can always try a JavaScript approach, but that won't work if the user has JavaScript disabled.
window.addEventListener('unload', function(event) {
document.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
});
其他注意事项
您使用的浏览器也很重要.Chrome 能够在后台运行,并且 保持会话 Cookies 直到它们超时 -- 浏览器关闭时它们不会被删除(我发现这很困难).
这篇关于当用户在 ASP.NET MVC 中关闭浏览器或选项卡时,如何注销用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
