从 JavaScript 清除 SSL 客户端证书状态 [英] Clear SSL client certificate state from JavaScript

问题描述

我在 SSL 会话中使用客户端证书对用户进行身份验证，但我在缓存会话方面遇到了一些问题.(我已将 IIS 配置为接受—不需要—客户端证书.)

I'm using client certificates in SSL sessions to authenticate users, but I'm having a bit of a problem with cached sessions. (I have configured IIS to accept—not require—client certificates.)

正常情况:
用户访问要求证书的页面.浏览器启动证书选择器，用户选择所需的证书(并在需要时输入 PIN)，然后一切按原样进行.

Normal situation:
A user accesses the page that asks for the certificate. The browser launches the certificate selector, the user selects the desired certificate (and enters a PIN if needed), and everything goes forward as it should.

事情没有按预期工作的情况:
用户访问要求证书的页面.浏览器启动证书选择器，用户选择所需的证书，然后在 PIN 对话框中取消.由于没有发送证书，用户被重定向到上一页.用户尝试再次登录，但尝试自动失败，因为上次 SSL 会话已被缓存.

Situation where things don't work as expected:
A user accesses the page that asks for the certificate. The browser launches the certificate selector, and the user selects the desired certificate, but then cancels at the PIN dialog. The user is redirected to the previous page because no certificate was sent. The user tries to log in again, but the attempt automatically fails because the last SSL session was cached.

我在 IE 中使用 document.execCommand("ClearAuthenticationCache"); 解决了这个问题，但它在 FF 或 Chrome 中仍然不起作用，因为它们不支持该方法.有什么办法可以解决这个问题吗?

I solved this in IE using document.execCommand("ClearAuthenticationCache");, but it still doesn't work in FF or Chrome because they don't support the method. Is there any way to solve this?

推荐答案

您可能对 这个讨论 和这个铬问题.特别是，您应该尝试:

You may be interested in this discussion and this Chromium issue. In particular, you should try:

if (window.crypto) window.crypto.logout();

这篇关于从 JavaScript 清除 SSL 客户端证书状态的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！