Comments by Member 11256349 (Top 4 by date)

I know that cookies are stored on the browser in the client's user profile, the server already writes it into a cookie on the browser. My question is that when the client wants to log out, it notifies the server, but this logout process takes place on the server side, for example


public ActionResult Logout()
{

Session.Clear();
Session.Abandon();
Session.RemoveAll();

FormsAuthentication.SignOut();
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);

return RedirectToAction("Index", "Login");
}

Here it says FormsAuthentication.SignOut(); and sends a new cookie file to the client by resetting the date. Then can we say that the server recreates the cookie file and creates a new cookie file by updating the date and sends it to the browser, the browser overwrites the new cookie file with the existing one and prevents the cookie from working? If this is so, the browser does not send an old dated cookie to the server anyway by looking at the date and time of the cookie when making a request from the site, right? So on the server side, I don't need to check whether this cookie is old or not, if it is old, it never goes to the server anyway?

I don't understand the difference between a normal cookie and FormsAuthentication and again I don't understand the difference between creating a cookie with FormsAuthentication and FormsAuthentication.SetAutCookie

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(30),
isPersistent,
userData,
FormsAuthentication.FormsCookiePath);


HttpCookie userInfo = new HttpCookie("userInfo");
userInfo["UserName"] = "Annathurai";
userInfo["UserColor"] = "Black";
userInfo.Expires.Add(new TimeSpan(0, 1, 0));
Response.Cookies.Add(userInfo);