Hi All,

I have a web application that has a login and a logout page. The issue I am facing is that after the user logs in successfully, rather than clicking logout, the user clicks the home button on the IE menu bar and then goes back to my site, and that user's credential is still stored in the cookie. Does anyone know the best way to clear out the user cookie?


Thanks
DocHoliday

You store user credentials and authentication details in a cookie?
You shouldn't. Instead use sessions for the same.

Cookies are a client-side state management technique and not good from a security perspective for storing those details. Sessions are generally a suitable option for it.
Thanks for your reply,
I am checking the user's credentials using LDAP with the code below. Can you give me an example of how I can modify this to use sessions instead?

Thanks in advance for your help.
DocHoliday.

<pre lang="vb">' Login page code-behind. The Imports, class header and field declarations
' were not in the original post and are added so the fragment compiles;
' chkPersist, txtUsername and lblError are controls declared in the .aspx markup.
Imports System
Imports System.Configuration
Imports System.Web
Imports System.Web.Security

Partial Class Login
    Inherits System.Web.UI.Page

    Private authCookie As HttpCookie
    Private mstrValidateGroup As String   ' the AD group that grants access (set elsewhere)
    Private mbValidationFail As Boolean
    Private mstrUserID As String

    Protected Sub AutenicateUser(ByVal DomainName As String, ByVal UserName As String, ByVal Password As String)

        Dim adPath As String = ConfigurationManager.AppSettings("LDAP_ROOT")

        Dim adAuth As New UserAuthenticationValation.ActiveDirectorAuthentication(adPath)
        Try
            If adAuth.IsAuthenticated(DomainName, UserName, Password) Then
                Dim groups As String = adAuth.GetGroups(DomainName, UserName, Password)

                'Create the ticket, and add the groups as the ticket's user data.
                Dim isCookiePersistent As Boolean = chkPersist.Checked
                Dim authTicket As New FormsAuthenticationTicket(1, _
                     txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)

                'Encrypt the ticket.
                Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)

                'Create a cookie, and then add the encrypted ticket to the cookie as data.
                authCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
                If isCookiePersistent Then
                    'A persistent cookie survives closing the browser; otherwise it is session-scoped.
                    authCookie.Expires = authTicket.Expiration
                End If
                'Add the cookie to the outgoing cookies collection.
                Response.Cookies.Add(authCookie)

                'Despite its name, mbValidationFail is set to True when the user IS in the required group.
                Dim Subgroups As String() = groups.Split(New Char() {"|"c})
                Dim GroupName As String
                For Each GroupName In Subgroups
                    If GroupName = mstrValidateGroup Then
                        mbValidationFail = True
                        Exit For
                    End If
                Next
                'You can redirect now.
                If mbValidationFail Then
                    Session("User_id") = UserName
                    mstrUserID = UserName
                    'endResponse:=False avoids the ThreadAbortException that the Catch below would otherwise swallow.
                    Response.Redirect("Default.aspx", False)
                Else
                    lblError.Text = "At this time, you do not have access to this application." & "<BR> If you feel you have received this message in error, please contact the helpdesk @ 368-3375."
                End If
            Else
                lblError.Text = "Authentication did not succeed. Check user name and password."
            End If

        Catch ex As Exception
            lblError.Text = "Error authenticating. " & ex.Message
            lblError.Visible = True
        End Try

    End Sub

End Class</pre>
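The following is an added example, not the poster's code or the code from the answer above, that addresses both the original question (the user leaves the site without logging out) and the reply asking how to use sessions instead. The posted code puts an encrypted forms-authentication ticket, carrying the group list as user data, in the cookie and makes it persistent when "remember me" is checked. A server cannot reach a browser that simply navigated away, so what a defender controls is: the ticket cookie is non-persistent (it dies with the browser), identity and group membership live in server-side Session state rather than in the cookie, every protected page checks that session, and logout removes both the server-side state and the cookies. Class and method names (`Login`, `DefaultPage`, `StartAuthenticatedSession`, `EndAuthenticatedSession`) are illustrative assumptions; the page is assumed to use the same `adAuth` check and `Default.aspx` target as the question.

```vb
Imports System
Imports System.Web
Imports System.Web.Security
Imports System.Web.UI

' Login page code-behind (illustrative; not the poster's class).
Partial Class Login
    Inherits Page

    ' Call this after adAuth.IsAuthenticated(...) returned True and the
    ' user was found in the required group.
    Protected Sub StartAuthenticatedSession(ByVal userName As String, ByVal groups As String)
        ' Server-side state: identity and group list live in Session, not in a
        ' cookie the client can read, keep or replay after the session is gone.
        Session("User_id") = userName
        Session("Groups") = groups
        Session("LoginTime") = DateTime.UtcNow

        ' Client-side: only a non-persistent forms ticket (no Expires), so the
        ' browser discards it when it is closed.
        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie:=False)

        Response.Redirect("Default.aspx", endResponse:=False)
    End Sub

    ' Logout button handler: clears both halves, server and client.
    Protected Sub btnLogout_Click(ByVal sender As Object, ByVal e As EventArgs)
        EndAuthenticatedSession(Context)
        Response.Redirect("Login.aspx", endResponse:=False)
    End Sub

    ' Shared so other pages (and a timeout path) can reuse the same teardown.
    Public Shared Sub EndAuthenticatedSession(ByVal ctx As HttpContext)
        ' Drop server-side state first; an old session id must not be reusable.
        If ctx.Session IsNot Nothing Then
            ctx.Session.Clear()
            ctx.Session.Abandon()
        End If

        ' Remove the forms ticket, then expire both cookies explicitly so a
        ' stale copy held by the browser is not sent again.
        FormsAuthentication.SignOut()
        ExpireCookie(ctx.Response, FormsAuthentication.FormsCookieName)
        ExpireCookie(ctx.Response, "ASP.NET_SessionId")
    End Sub

    Private Shared Sub ExpireCookie(ByVal response As HttpResponse, ByVal name As String)
        Dim dead As New HttpCookie(name, String.Empty)
        dead.Expires = DateTime.UtcNow.AddDays(-1)   ' past date = delete on the client
        dead.HttpOnly = True
        response.Cookies.Add(dead)
    End Sub
End Class

' Default.aspx code-behind: a protected page checks the server-side session,
' not just the presence of an authentication cookie.
Partial Class DefaultPage
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        If Session("User_id") Is Nothing OrElse Not User.Identity.IsAuthenticated Then
            ' Cookie without a live session (idle timeout, server restart,
            ' or a replayed ticket): tear everything down and send to login.
            Login.EndAuthenticatedSession(Context)
            FormsAuthentication.RedirectToLoginPage()
        End If
    End Sub
End Class
```

Pair this with web.config settings so the two halves expire together: `<forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" requireSSL="true" />` under `<authentication mode="Forms">`, a matching `<sessionState timeout="20" />`, and `<httpCookies httpOnlyCookies="true" requireSSL="true" />`. Expiring `ASP.NET_SessionId` on logout matters because ASP.NET otherwise reuses the session id presented by the browser on the next request; clearing it forces a new id after logout.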



This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)