ASP.NET Authentication Cookie Does Not Remove After Firefox Closes

Question

ASP.NET Authentication Cookie Does Not Remove After Firefox Closes

Im developing a small web application used on a shared computer.

When the user closes the browser window, I want the session and authentication to be deleted.

On the login page, I use something like this to authenticate the user:

FormsAuthenticationTicket authTicket =
      new FormsAuthenticationTicket(1,txtUser.Text,
                                    DateTime.Now,
                                    DateTime.Now.AddMinutes(5),
                                    false,"");

string encTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
HttpContext.Current.Response.Cookies.Add(faCookie);
string redirectUrl = FormsAuthentication.GetRedirectUrl(txtUser.Text, false);
HttpContext.Current.Response.Redirect(redirectUrl);

As you can see, I set the variable "isPersistent" to false.

This seems to work on Chrome (not tested in IE), however, when I launch the application in Firefox, when I activate several tabs, if I close the browser and open again, I'm still authenticated, and the cookie is still there!

This is really strange, because the cookie should be deleted when closing ... Is this a bug from Firefox when you have multiple tabs open? How can i fix this?

Help is much appreciated!

+5

authentication c# firefox cookies asp.net

Tony Santos 29 . '09 17:56

7

? . , . , , FireFox: , HTTP, ..

+4

GBegen 29 . '09 18:43

, Mozilla , cookie:

if (Request.Cookies["UserSettings"] != null)
{
    HttpCookie myCookie = new HttpCookie("UserSettings");
    myCookie.Expires = DateTime.Now.AddDays(-1d);
    Response.Cookies.Add(myCookie);
}

: cookie

:

cookie , Javascript :

<html>
<head>
  <title></title>
  <script type="text/javascript">
   function deleteCookie()
   {
     var d = new Date();
     document.cookie = "v0=1;expires=" + d.toGMTString() + ";" + ";";
     alert(document.cookie);
   }

  </script>
</head>

<body onunload="deleteCookie()">
...

</body>
</html>

, Javascript - .

+2

Tarik 29 . '09 18:51

cookie, , ASP.NET , FireFox .

cookie-, , Global.asax Session_Start.

protected void Session_Start(object sender, EventArgs e)
{
    HttpContext.Current.Request.Cookies.Remove(FormsAuthentication.FormsCookieName);
}

+1

Wagner 29 . '09 20:54

: , FireFox...

0

Wim Hollebrandse 29 . '09 18:39

The problem is that if you set the expiration date, you will get a persistent cookie, the following code will work for me, where I want the user to choose between a persistent browser or only a la remember me cookie when logging in:

 public void SetAuthenticationCookie(LoginView loginModel)
    {
      if (!loginModel.RememberMe)
      {
        FormsAuthentication.SetAuthCookie(loginModel.Email, false);
        return;
      }
      const int timeout = 2880; // Timeout is in minutes, 525600 = 365 days; 1 day = 1440.
      var ticket = new FormsAuthenticationTicket(loginModel.Email, loginModel.RememberMe, timeout);
      //ticket.
      string encrypted = FormsAuthentication.Encrypt(ticket);
      var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
        {
          Expires = System.DateTime.Now.AddMinutes(timeout),
          HttpOnly = true
        };
      HttpContext.Current.Response.Cookies.Add(cookie);
    }

0

jenson-button-event Oct 16 '12 at 15:11

source share

Well, I found this solution, can help someone else:

if (Request.Cookies["TownID"] != null)
{
       HttpCookie myCookie = Request.Cookies["TownID"];
       myCookie.Expires = DateTime.Now.AddDays(-1d);
       Response.Cookies.Add(myCookie);
}

Source: http://forums.asp.net/p/1565112/3895452.aspx

0

Aishwarya shiva Dec 01 '13 at 16:00

source share

Tony Santos · Accepted Answer · 2009-10-29T18:59:59+0000

, , , , - , Firefox.

, , , Firefox 3...

, cookie, , . , , , , ...

, , , - , , , . , , , ...

ASP.NET Authentication Cookie Does Not Remove After Firefox Closes

More articles: