I have a web app based on .NET Core 3.1 and an IIS server.
For some reason, I cannot delete cookies on logout.
I tried Response.Cookies.Delete(cookie.Key);
and Response.Cookies.Append(cookie.Key, "", options);
with options.Expires = DateTime.Now.AddDays(-1)
and options.MaxAge = new TimeSpan(0);
but this still doesn't work.
The problem does not appear when I run the project on localhost.
My configuration in the Startup.cs file.

ConfigureServices:

    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });
    services.AddSession(options =>
    {
        options.IdleTimeout = TimeSpan.FromMinutes(15);
        options.Cookie.IsEssential = true;
        options.Cookie.Name = "b2bApp";
    });
    services.ConfigureApplicationCookie(options =>
    {
        // Cookie settings
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
        options.Cookie.SameSite = SameSiteMode.Strict;
        options.Cookie.IsEssential = true;
        options.Cookie.Name = "b2bApp";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(15);
        options.LoginPath = "/Identity/Account/Login";
        options.AccessDeniedPath = "/Identity/Account/AccessDenied";
        options.SlidingExpiration = true;
    });

Configure:

    app.UseCookiePolicy();
    app.UseSession();

Try the following code:

    Response.Cookies.Delete("CookieName", new CookieOptions()
    {
        Secure = true,
    });

In order to delete a SameSite=None cookie, the replacement cookie with the expiry date in the past also needs to have the Secure flag set. If that is not the case, the cookie won't be deleted (as in: the replacement cookie won't be accepted by Chrome).
Reference: How To Correctly Delete Your SameSite Cookies In Chrome (80+)
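
The rule from the answer above, written as a reusable logout helper. This is an added example, not code from the original question or answer; the class and method names are hypothetical, and it assumes the cookies were issued with Path=/ and SameSite=None.

```csharp
using System;
using Microsoft.AspNetCore.Http;

// Hypothetical helper (names are illustrative, not from the page).
public static class LogoutCookieHelper
{
    // Expire every cookie the browser sent with this request.
    // Assumption: the cookies were issued with Path=/ and SameSite=None.
    public static void ExpireAllCookies(HttpContext context)
    {
        foreach (var name in context.Request.Cookies.Keys)
        {
            ExpireCookie(context.Response, name, SameSiteMode.None);
        }
    }

    // Send a replacement cookie that is already expired. The browser only
    // removes the stored cookie if it accepts the replacement, so the
    // replacement must carry the same Path and satisfy the same rules
    // as the cookie it overwrites.
    public static void ExpireCookie(HttpResponse response, string name, SameSiteMode sameSite)
    {
        var options = new CookieOptions
        {
            Path = "/",
            SameSite = sameSite,
            // A SameSite=None cookie without Secure is rejected by Chrome 80+,
            // and that applies to the expired replacement as well.
            Secure = sameSite == SameSiteMode.None || response.HttpContext.Request.IsHttps,
            HttpOnly = true,
            // Fixed date in the past instead of DateTime.Now.AddDays(-1),
            // so the result does not depend on the server clock.
            Expires = DateTimeOffset.UnixEpoch
        };

        response.Cookies.Append(name, string.Empty, options);
    }
}
```

Call `LogoutCookieHelper.ExpireAllCookies(HttpContext)` from the logout action, then check the `Set-Cookie` response headers in the browser's network tab: each one should show `secure` next to `samesite=none`.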