Last post Jan 30, 2013 01:34 AM by BrockAllen
Jan 29, 2013 05:55 PM|LINK
Our primary login site is Claims based...but after login succeeds we create the forms auth cookies for some other external\internal sites
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(90), true, email);
cookie.Value = FormsAuthentication.Encrypt(ticket);
cookie.Expires = ticket.Expiration;
cookie.Path = ticket.CookiePath;
cookie.Domain = domain;
So while this "Works" in that we can log in...when we log out from the Claims site...none of the tickets are cleared\wiped so you can still get into those subdomain sites :/
Any idea what I might be doing wrong?
//Code run when someone hits the login page
if (HttpContext.Current.Request.Cookies[".MainSite"] != null)
{
    //Attempt to wipe the cookie by changing the expires...does nothing
    HttpCookie myCookie = HttpContext.Current.Request.Cookies[".MainSite"];
    myCookie.Value = "";
    myCookie.Expires = DateTime.Now.AddDays(-5);
}
FormsAuthentication.SignOut(); //Core site doesn't use Forms so I can see why this would fail?
SecurityManager.Logout(); //From the CMS for claims
Jan 29, 2013 07:13 PM|LINK
Which cookie(s) are failing to be cleared? All of them, or just one or two? The other issue I see is related to
Jan 29, 2013 07:49 PM|LINK
All cookies are still there, even the session ones :/
Well in the case here though, I'm really just concerned with that "MainSite" cookie (as a test anyway)
**EDIT** Thanks for that link, I'll investigate!
Jan 30, 2013 01:34 AM|LINK
In my experience, the problem if a cookie won't be removed is because you're not removing it in the same way you issued it -- in other words, to remove it make sure you set all the same properties like path, requires ssl, http only, etc.
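The advice in the last reply, as an added example that is not code from any poster in this thread: one helper builds the cookie for both issue and removal, so the name, Domain, Path and flags always match, and removal goes through Response.Cookies rather than Request.Cookies. The class name, the HttpOnly/Secure choices and the `.example.com` domain are assumptions; `.MainSite` is the cookie name from the question.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example. CookieDomain is a placeholder; use the value the issuing code sets.
public static class SharedTicketCookie
{
    private const string CookieName = ".MainSite";       // name used in the question's logout code
    private const string CookieDomain = ".example.com";  // placeholder for the shared parent domain

    // One definition of the attributes a browser uses to identify the cookie
    // (name, Domain, Path) plus its flags, so issue and removal cannot drift apart.
    private static HttpCookie Build(string value, DateTime expires)
    {
        return new HttpCookie(CookieName, value)
        {
            Domain = CookieDomain,
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Expires = expires
        };
    }

    public static void Issue(HttpResponse response, string username, string email)
    {
        var ticket = new FormsAuthenticationTicket(
            1, username, DateTime.Now, DateTime.Now.AddMinutes(90), true, email);
        response.Cookies.Add(Build(FormsAuthentication.Encrypt(ticket), ticket.Expiration));
    }

    public static void Remove(HttpResponse response)
    {
        // Editing Request.Cookies only changes the server-side copy of what the
        // browser sent. The browser drops a cookie only when the response carries
        // a Set-Cookie with the same name, Domain and Path and an expiry in the past.
        response.Cookies.Add(Build(string.Empty, DateTime.UtcNow.AddDays(-1)));
    }
}
```

Expiring the cookie removes it from the browser only; the encrypted ticket itself stays valid until its 90-minute expiration, so a copy captured before logout is still accepted by the subdomain sites unless they also check server-side state.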