C# Cookie 在浏览器会话结束时过期
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17736737/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Cookie to Expire when Browser Session Ends
提问by Jonathan Wood
My research indicates that, if I create a cookie and don't set the expiration date, it will expire when the browser is closed.
我的研究表明,如果我创建一个 cookie 并且不设置过期日期,它会在浏览器关闭时过期。
So I created a cookie like this:
所以我创建了一个这样的cookie:
Response.Cookies.Set(new HttpCookie("MyKey", "X"));
But when I close the browser and then reopen it, the following expression equals true:
但是当我关闭浏览器然后重新打开它时,以下表达式等于 true:
Request.Cookies["MyKey"] != null
How can I have the cookie expire when the browser session ends?
如何在浏览器会话结束时让 cookie 过期?
Note: For my purposes, using static data instead of a cookie seems ideal. But my understanding is that an ASP.NET can restart for a variety of reasons, and that could pull the rug out from under the current user if I lost this setting.
注意:就我而言,使用静态数据而不是 cookie 似乎是理想的。但我的理解是 ASP.NET 可以出于多种原因重新启动,如果我丢失了这个设置,这可能会影响当前用户。
采纳答案by Jonathan Wood
It appears the issue is as Stober described. You can set a cookie to expire at the end of the browser session by setting the HttpCookie.Expiresproperty to DateTime.MinDate, or not setting the property at all.
问题似乎与 Stober 所描述的一样。您可以通过将该HttpCookie.Expires属性设置为DateTime.MinDate或根本不设置该属性来将 cookie 设置为在浏览器会话结束时过期。
However, at least with Chrome's pick up where you left offsettings, it appears that the browser session does not necessarily end when the browser closes. When closed and then reopened, the Chrome browser picks up right where it left off, as if the session never ended. This includes continuing to use cookies set expire at the end of the session.
但是,至少当 Chrome在您停止设置的地方继续时,浏览器会话似乎不一定会在浏览器关闭时结束。当关闭然后重新打开时,Chrome 浏览器从它停止的地方开始,就好像会话从未结束一样。这包括继续使用设置在会话结束时过期的 cookie。
I tried my same code on FireFox. Closing and reopening the browser caused the cookie to expire, exactly as expected.
我在 FireFox 上尝试了相同的代码。关闭并重新打开浏览器会导致 cookie 过期,正如预期的那样。
So while there are some general rules, in the end this behavior is totally up to the browser.
因此,虽然有一些一般规则,但最终这种行为完全取决于浏览器。
回答by Kees de Wit
Just set the Expiresproperty of your HttpCookieinstance to DateTime.MinDateand it will expire after the browser session ends.
只需将Expires您的HttpCookie实例的属性设置为DateTime.MinDate,它就会在浏览器会话结束后过期。
However, this is actually not a safe wayof protecting something with cookies, because the cookies are in fact valid for ever. It depends on the client implementation if the cookies are thrown away or not. If some bad person intercepts your cookies they will have access for ever.
然而,这实际上并不是用 cookie 保护某些东西的安全方式,因为 cookie 实际上永远有效。cookie 是否被丢弃取决于客户端的实现。如果某个坏人拦截了您的 cookie,他们将永远可以访问。
See also: MSDN - Cookie.ExpiresProperty
回答by KyleMit
You can catch this on the next Session_startevent. If you already have an authenticated user immediately when a brand new session starts, then you must have gotten that info from a stale cookie. Just null out the user info and let Login redirects take care of the rest.
您可以在下一次Session_start活动中抓住这一点。如果您在全新会话开始时立即拥有经过身份验证的用户,那么您一定是从过时的 cookie 中获取了该信息。只需清空用户信息,让登录重定向处理其余的事情。
Something like this in global.asax.cs:
像这样的东西global.asax.cs:
protected void Session_start()
{
// starting a session and already authenticated means we have an old cookie
var existingUser = System.Web.HttpContext.Current.User;
if (existingUser != null && existingUser.Identity.Name != "")
{
// clear any existing cookies
IAuthenticationManager authMgr = System.Web.HttpContext.Current.GetOwinContext().Authentication;
authMgr.SignOut("MyCookieType")
// manually clear user from HttpContext so Authorize attr works
System.Web.HttpContext.Current.User = new ClaimsPrincipal(new ClaimsIdentity());
}
}
- Code may vary somewhat depending on how you're authenticating users
- 代码可能会有所不同,具体取决于您对用户进行身份验证的方式
See also:
也可以看看:
