So while this "Works" in that we can log in...when we log out from the Claims site...none of the tickets are cleared\wiped so you can still get into those subdomain sites :/
Any idea what I might be doing wrong?
//Code run when someone hits the login page
if (HttpContext.Current.Request.Cookies[".MainSite"] != null)
{
//Attempt to wipe the cookie by changing the expires...does nothing
HttpCookie myCookie = HttpContext.Current.Request.Cookies[".MainSite"];
myCookie.Value = "";
myCookie.Expires = DateTime.Now.AddDays(-5);
HttpContext.Current.Response.Cookies.Add(myCookie);
}
FormsAuthentication.SignOut(); //Core site doesn't use Forms so I can see why this would fail?
SecurityManager.Logout(); //From the CMS for claims
HttpContext.Current.Session.Abandon();
In my experience, the problem if a cookie won't be removed if because you're not removing it in the same way you issued it -- in other words, make sure to remove it you set all the same properties like path, requires ssl, http only, etc.
sitefinityst...
Member
7 Points
28 Posts
Clearing FormsAuth from a Claims based site?
Jan 29, 2013 05:55 PM|LINK
Out primary login site is Claims based...but after login succeeds we create the forms auth cookies for some other external\internal sites
So while this "Works" in that we can log in...when we log out from the Claims site...none of the tickets are cleared\wiped so you can still get into those subdomain sites :/
Any idea what I might be doing wrong?
//Code run when someone hits the login page if (HttpContext.Current.Request.Cookies[".MainSite"] != null) { //Attempt to wipe the cookie by changing the expires...does nothing HttpCookie myCookie = HttpContext.Current.Request.Cookies[".MainSite"]; myCookie.Value = ""; myCookie.Expires = DateTime.Now.AddDays(-5); HttpContext.Current.Response.Cookies.Add(myCookie); } FormsAuthentication.SignOut(); //Core site doesn't use Forms so I can see why this would fail? SecurityManager.Logout(); //From the CMS for claims HttpContext.Current.Session.Abandon();BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: Clearing FormsAuth from a Claims based site?
Jan 29, 2013 07:13 PM|LINK
Which cookie(s) are failing to be cleared? All of them, or just one or two? The other issue I see is related to this.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
sitefinityst...
Member
7 Points
28 Posts
Re: Clearing FormsAuth from a Claims based site?
Jan 29, 2013 07:49 PM|LINK
All cookies are still there, even the session ones :/
Well in the case here though, I'm really just concerned with that "MainSite" cookie (as a test anyway)
**EDIT** Thanks for that link, I'll investigate!
BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: Clearing FormsAuth from a Claims based site?
Jan 30, 2013 01:34 AM|LINK
In my experience, the problem if a cookie won't be removed if because you're not removing it in the same way you issued it -- in other words, make sure to remove it you set all the same properties like path, requires ssl, http only, etc.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/