So I have a site sitting on URL "mysite.com" and another site on "subdomain.mysite.com". User accounts are stored in "mysite.com", so when I need to log in on "subdomain.mysite.com" I take the user to "mysite.com", they enter their credentials, I authenticate them normally and make sure that the authentication cookie is usable in "subdomain.mysite.com" by setting the domain in the cookie as follows:
HttpCookie cookie = FormsAuthentication.GetAuthCookie(username, true);
cookie.Domain = ".mysite.com";
Response.Cookies.Add(cookie);
Then I redirect them back to "subdomain.mysite.com" and the user is thankfully authenticated there.
Everything works well except when logging out. When the user tries to log out from any site, I remove the authentication cookie as expected:
FormsAuthentication.SignOut();
But for some reason the cookie is not being removed and the user stays logged in.
I have tried deleting the cookie directly using Request.Cookies[FormsAuthentication.FormsCookieName] but still nothing. Chrome is holding on to the cookie really tight for some reason: I can see it in Chrome's developer tools.
What am I doing wrong? Help!
Alright, found the solution to the problem.
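// Expire the forms-auth cookie using the same Domain it was issued with.
HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null) // the cookie is absent if the user is already signed out
{
    cookie.Domain = ".mysite.com";
    cookie.Expires = DateTime.Now.AddMilliseconds(-1);
    Response.Cookies.Add(cookie);
}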
As you can see, two things happen here:
- I'm explicitly setting the domain again for the cookie I'm handling. Apparently you have to tell the browser the domain context or it simply won't find the cookie.
- Instead of removing the cookie, I'm simply expiring it.
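Why the Domain has to be repeated, shown as an added example that is not part of the original post: a simplified model of a browser cookie store in which a cookie is identified by name, domain, host-only flag and path (the storage model in the RFC 6265bis draft). `CookieJar` and the helper functions are hypothetical names, the ticket value is constructed, and path matching, `Secure` and `HttpOnly` are left out.

```javascript
// Simplified browser cookie store (added example; all names are hypothetical).
// An expiring Set-Cookie only evicts the entry whose name, domain,
// host-only flag and path all match.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie received from `host`; `attrs.domain` is optional.
  setCookie(host, name, value, attrs = {}) {
    const hostOnly = !attrs.domain;            // no Domain => host-only cookie
    const domain = (attrs.domain || host).replace(/^\./, "").toLowerCase();
    // A host may only set cookies for itself or for a parent domain.
    if (!hostOnly && host !== domain && !host.endsWith("." + domain)) return;
    const path = attrs.path || "/";
    const key = [name, domain, hostOnly, path].join("|");
    const expires = attrs.expires === undefined ? Infinity : attrs.expires;
    if (expires <= Date.now()) {
      this.store.delete(key);                  // evicts the matching entry only
    } else {
      this.store.set(key, { name, value, domain, hostOnly, path });
    }
  }

  // Cookies the browser would attach to a request for `host` (path ignored).
  cookiesFor(host) {
    return [...this.store.values()].filter(c =>
      c.hostOnly ? host === c.domain
                 : host === c.domain || host.endsWith("." + c.domain));
  }
}

const PAST = 0; // Unix epoch, i.e. already expired

// Login on mysite.com with Domain=.mysite.com, as in the question.
function login(jar) {
  jar.setCookie("mysite.com", ".ASPXAUTH", "constructed-ticket", { domain: ".mysite.com" });
}

// Expired cookie without Domain: targets a host-only entry that does not exist.
function logoutWithoutDomain(jar, host) {
  jar.setCookie(host, ".ASPXAUTH", "", { expires: PAST });
}

// Expired cookie with the Domain it was issued with: evicts the shared cookie.
function logoutWithDomain(jar, host) {
  jar.setCookie(host, ".ASPXAUTH", "", { domain: ".mysite.com", expires: PAST });
}
```

Expiring the cookie only removes it from that browser: a forms-authentication ticket that was copied earlier stays valid until the ticket's own expiry, so keep ticket lifetimes short.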