在mvc中没有删除Cookie(c#)

Question

我想在mvc4中创建login和logOut函数.在login func中,如果登录cookie存在且不为空,则用户处于signIn模式,否则重定向到登录页面.在logOut func中,所有cookie和会话都清除并重定向到login func,但是在login func中存在登录cookie!

登录:

public ActionResult Login()
        {
            if (Request.Cookies["login"] != null)
            {
                string login = Request.Cookies["login"].Value.ToString();                

                if (login != string.Empty)
                {
                    //Get from service
                    Service srv = new Service();
                    UserItem userItem = srv.getUserItem(login);                    
                    srv.Close();

                    Session.Timeout = 30;
                    Session["login "] = login;
                    Session["userId"] = userItem.No;
                    Session["firstName"] = userItem.FirstName;
                    Session["lastName"] = userItem.LastName;
                    string loginName = userItem.LoginName;                    

                    FormsAuthentication.SetAuthCookie(loginName, false);

                    return Redirect(“Index”);
                }
                else 
                {
                    Return redirect("http://mySite/SignIn.aspx");
                }
            }
            else
            {
                Return redirect("http://mySite/SignIn.aspx");                    
            }
        }

登出:

public ActionResult LogOut()
        {
            string login = Session["login"].ToString();

            Request.Cookies["login"].Value = "";
            Response.Cookies["login"].Value = "";

            FormsAuthentication.SignOut();
            HttpCookie c = Request.Cookies[FormsAuthentication.FormsCookieName];
            c.Expires = DateTime.Now.AddDays(-1);

            Session.Clear();
            Request.Cookies.Clear();
            Response.Cookies.Clear();

            //FormsAuthentication.Initialize();
            //string strRole = String.Empty;
            //FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, "", DateTime.Now, DateTime.Now.AddMinutes(-30), false, strRole, FormsAuthentication.FormsCookiePath);
            //Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat)));

            //Session.Abandon();

            //// clear authentication cookie
            //HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
            //cookie1.Expires = DateTime.Now.AddYears(-1);
            //Response.Cookies.Add(cookie1);

            //// clear session cookie (not necessary for your current problem but i would recommend you do it anyway)
            //HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
            //cookie2.Expires = DateTime.Now.AddYears(-1);
            //Response.Cookies.Add(cookie2);

            //FormsAuthentication.RedirectToLoginPage();               

            return RedirectToAction("Login", "Usr");
        }

Web.config文件:

<authentication mode="Forms">
      <forms loginUrl="~/Usr/Login" timeout="30" />
    </authentication>

我正在尝试评论代码,甚至评论这一行:

FormsAuthentication.SignOut();

即使我将cookie值设置为"",但在登录页面中,此cookie具有旧值!并尝试了几种方法来清除cookie,就像设置到期一天后到期.但…

谢谢

Answer 1

您正在更改Cookie的值,但您不会再将其添加到响应中!

FormsAuthentication.SignOut();
HttpCookie c = Request.Cookies[FormsAuthentication.FormsCookieName];
c.Expires = DateTime.Now.AddDays(-1);

// Update the amended cookie!
Response.Cookies.Set(c)

Session.Clear();
/* Get rid of this, it will break the above by clearing
 * the cookie collection that you've just updated. */
// Request.Cookies.Clear();
// Response.Cookies.Clear();