FormsAuthentication.SignOut（）不会将用户注销

FormsAuthentication.SignOut();Session.Abandon();FormsAuthentication.RedirectToLoginPage();

3回答

慕盖茨4494581

用户仍然可以浏览您的网站，因为在您拨打电话时不会清除Cookie，FormsAuthentication.SignOut()并且每次新请求都会对其进行身份验证。在MS文档中说cookie将被清除，但它们没有，bug？与它完全相同Session.Abandon()，cookie仍然存在。您应该将代码更改为：FormsAuthentication.SignOut();Session.Abandon();// clear authentication cookieHttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");cookie1.Expires = DateTime.Now.AddYears(-1);Response.Cookies.Add(cookie1);// clear session cookie (not necessary for your current problem but i would recommend you do it anyway)SessionStateSection sessionStateSection = (SessionStateSection)WebConfigurationManager.GetSection("system.web/sessionState");HttpCookie cookie2 = new HttpCookie(sessionStateSection.CookieName, "");cookie2.Expires = DateTime.Now.AddYears(-1);Response.Cookies.Add(cookie2);FormsAuthentication.RedirectToLoginPage();HttpCookie在System.Web命名空间中。MSDN参考。

0

0

0

慕姐8265434

听起来像你没有正确设置你的web.config授权部分。请参阅下面的示例。<authentication&nbsp;mode="Forms"> &nbsp;&nbsp;<forms&nbsp;name="MyCookie"&nbsp;loginUrl="Login.aspx"&nbsp;protection="All"&nbsp;timeout="90"&nbsp;slidingExpiration="true"></forms></authentication><authorization> &nbsp;&nbsp;<deny&nbsp;users="?"&nbsp;/></authorization>

0

0

0