How to clear/reset/renew Session Cookie in ASP.net core (Razor pages) app on login or logout
Question
I am trying to get a new value for the Session Cookie for every new login. Basically, the value in the screenshot below should have a new random string every time a user logs in. This is to avoid Session Fixation.
I have tried the following :
On login :
Response.Cookies.Delete(".AspNetCore.Session");
HttpContext.Request.Cookies[".AspNetCore.Session"] = "123132" //does not allow to be set
On log out :
HttpContext.Session.Clear();
Response.Clear();
Session.Abandon() // Abandon is no longer available
But the value of the Session Cookie just does not change. Any guidance is greatly appreciated.
1 answers
solution1
0 2022-05-27 07:06:32
Try to use Response.Cookies.Delete(".AspNetCore.Session"); in Logout to delete the cookie
Below is a work demo, you can refer to it,
On login :
Response.Cookies.Append("Test_cookie", "yo");
On log out :
Response.Cookies.Delete("Test_cookie");
Result:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.