iis .net core 3.1无法删除cookie

cwdobuhd  于 11个月前  发布在  .NET
关注(0)|答案(4)|浏览(147)

我有基于.net core3.1和iis服务器的Web应用程序。由于某种原因,我无法在注销时删除cookie。我尝试了Response.Cookies.Delete(cookie.Key);Response.Cookies.Append(cookie.Key, "", options);options.Expires = DateTime.Now.AddDays(-1)options.MaxAge = new TimeSpan(0);,但这仍然不起作用。
当我在localhost上运行项目时,问题不会出现。
startup.cs文件中的配置。
配置服务:

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(15);
    options.Cookie.IsEssential = true;
    options.Cookie.Name = "b2bApp";
});
services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
    options.Cookie.SameSite = SameSiteMode.Strict;
    options.Cookie.IsEssential = true;
    options.Cookie.Name = "b2bApp";
    options.ExpireTimeSpan = TimeSpan.FromMinutes(15);
    options.LoginPath = "/Identity/Account/Login";
    options.AccessDeniedPath = "/Identity/Account/AccessDenied";
    options.SlidingExpiration = true;
});

字符串
配置:

app.UseCookiePolicy();
app.UseSession();

wh6knrhe

wh6knrhe1#

请尝试以下代码:

Response.Cookies.Delete("CookieName", new CookieOptions()
{
    Secure = true,
});

字符串
为了删除SameSite=None Cookie,过期日期在过去的替换Cookie也需要设置安全标志。如果不是这种情况,则不会删除Cookie(例如:替换Cookie不会被Chrome接受)。
参考:How To Correctly Delete Your SameSite Cookies In Chrome (80+)

wgx48brx

wgx48brx2#

除非您使用与创建要删除的Cookie时相同的选项(Cookie选项),否则删除将无法正常工作。
例如,如果您使用这些选项创建了Cookie,则需要使用相同的删除,但“Expires”除外

new Microsoft.AspNetCore.Http.CookieOptions
{ 
    Expires = DateTime.Now.AddHours(120), 
    Path = "/", 
    HttpOnly = true, 
    Secure = this.Request.IsHttps, 
    IsEssential = true 
}

字符串

xzv2uavs

xzv2uavs3#

因此,据我所知,Response.Cookies.Delete(“key”)只为要删除的cookie设置了一个过期日期,但实际上并没有删除它。所以这里有一个解决方案,我做。我首先删除cookie中的数据,这样如果cookie被使用,它就不会有问题,因为里面什么都没有,然后删除它。

public void RemoveCookie(string key)
{
    //Erase the data in the cookie
    CookieOptions option = new CookieOptions();
    option.Expires = DateTime.Now.AddDays(-1);
    option.Secure = true;
    option.IsEssential = true;
    Response.Cookies.Append(key, string.Empty, option);
    //Then delete the cookie
    Response.Cookies.Delete(key);
}

字符串

n1bvdmb6

n1bvdmb64#

@JayHandle的回应是最接近让它工作.创建了一个空cookie与所有标志匹配的cookie杀死和过期.饼干.删除阻止它为我工作:

context.Response.Cookies.Append("cookie-name", string.Empty, new CookieOptions
                    {
                        Path = context.Request.PathBase, // needed if running under virtual directory
                        Secure = true,
                        Expires = DateTimeOffset.UtcNow.AddDays(-2),
                        IsEssential = true,
                        SameSite = SameSiteMode.Lax // Match the same site settings of the cookie
                    });

字符串

相关问题