I am developing an ASP.NET MVC application. I made some changes to save some extra info in the cookie in the latest version. A few of my customers are still running the old version. Is there any way to expire the existing cookies of my existing customers and force them to log on again when they connect to my new application hosted in IIS?
Thanks,
The Cookies window will appear. In the Search: field, type the name of the site whose cookies you want to remove. The cookies that match your search will be displayed. Select the cookie(s) in the list to remove and click Remove Selected. Close the Cookies window. Close the about:preferences page.
Once a cookie is created, the cookie is the single source of identity. If a user account is disabled in back-end systems: The app's cookie authentication system continues to process requests based on the authentication cookie. The user remains signed into the app as long as the authentication cookie is valid.
Use cookie authentication without ASP.NET Core Identity. ASP.NET Core Identity is a complete, full-featured authentication provider for creating and maintaining logins. However, a cookie-based authentication provider without ASP.NET Core Identity can be used.
Authentication cookies are allowed when a site visitor hasn't consented to data collection. For more information, see General Data Protection Regulation (GDPR) support in ASP.NET Core. In Startup.Configure, call UseAuthentication and UseAuthorization to set the HttpContext.User property and run Authorization Middleware for requests.
You could use the SignOut static method:
FormsAuthentication.SignOut();
This will remove the authentication cookie and on subsequent requests the user will not be authenticated. I stressed the word subsequent because after calling this method you should redirect.
I am giving a newer name to my cookie in web.config, and this seems to solve my problem:
<forms loginUrl="~/Account/LogOn" name="InsightWebMobileCookie2" timeout="10000" slidingExpiration="true" />
The problem here is you cannot read the cookie expiration date so you don't know from the cookie who the old users are.
So your options are:
You would put that code in an Application_AuthenticateRequest event in the global.asax. At this point a user has been authenticated, so you can check their cookie there.
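One way to do the check that the answer above places in Application_AuthenticateRequest, as an added example that is not part of the original answers. It assumes the new version's login code writes the ticket's UserData with a hypothetical "v2|" prefix, so any cookie without that prefix is treated as issued by the old version and signed out.

```csharp
// Global.asax.cs (added example; the "v2|" marker is a hypothetical convention)
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // Assumption: the new login code stores UserData beginning with this marker.
    private const string SchemaMarker = "v2|";

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // anonymous request, nothing to validate

        if (IsCurrentTicket(cookie.Value))
            return; // ticket was issued by the new version

        // Old-format or unreadable ticket: expire the cookie and force a new log-on.
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
        CompleteRequest(); // skip the rest of the pipeline for this request
    }

    private static bool IsCurrentTicket(string encrypted)
    {
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encrypted);
            return ticket != null
                && !ticket.Expired
                && ticket.UserData != null
                && ticket.UserData.StartsWith(SchemaMarker, StringComparison.Ordinal);
        }
        catch (ArgumentException) { return false; }      // malformed cookie value
        catch (CryptographicException) { return false; } // failed validation or decryption
    }
}
```

The check fails closed: a cookie that cannot be decrypted is handled the same way as an old one.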