Session, cookies and Security
I got a problem.
I have a web app, where I do the following:
1) Login
2) Later extract the cookie
3) Logout
4) Insert the cookie manually, and when I visit some page again, I'm logged in.

How can I fix it? I want the cookie expiration.
Thanks for your response.
I suggest you use the built-in Forms Authentication mechanism.
What is in that cookie? Just a "loggedin = yes" value?
In that case you could change that to "loggedinsession = {current session ID}".
On logout, delete the cookie (set the value to empty, without expiry) and also .Abandon() the session (so a new request gets a new session ID).
The logged-in check then changes from "does the cookie exist" to "is the value the same as the current session ID".
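
The check described in this answer, as an added example that is not part of the original thread: a framework-neutral Python model (not ASP.NET code) of the question's four steps, comparing a cookie-presence check with one that looks the cookie value up in a server-side table of live sessions. `SessionStore` and the function names are hypothetical; the cookie name `loggedinsession` is the one suggested above.

```python
import secrets


class SessionStore:
    """Server-side record of live sessions (hypothetical helper for this example)."""

    def __init__(self):
        self._live = {}  # session ID -> username

    def login(self, username):
        # A fresh, unpredictable ID on every login; it becomes the cookie value.
        sid = secrets.token_urlsafe(32)
        self._live[sid] = username
        return sid

    def logout(self, sid):
        # The ID stops being valid on the server, whatever a browser still holds.
        self._live.pop(sid, None)

    def user_for(self, cookie_value):
        # The cookie must name a session that is still live on the server.
        if not cookie_value:
            return None
        return self._live.get(cookie_value)


def weak_is_logged_in(cookies):
    # The failing behaviour from the question: presence of the cookie is enough.
    return bool(cookies.get("loggedinsession"))


def hardened_is_logged_in(store, cookies):
    # "Is the value the same as a current session ID", not "does the cookie exist".
    return store.user_for(cookies.get("loggedinsession")) is not None


def replay_after_logout():
    """Walk the question's four steps; return (weak_result, hardened_result)."""
    store = SessionStore()
    sid = store.login("alice")            # 1) login (constructed user name)
    copied = {"loggedinsession": sid}     # 2) cookie copied out of the browser
    store.logout(sid)                     # 3) logout
    # 4) the copied cookie is presented again
    return weak_is_logged_in(copied), hardened_is_logged_in(store, copied)


if __name__ == "__main__":
    print(replay_after_logout())
```

Deleting the cookie in the browser on logout is still worth doing, but it is the server-side removal that makes a copied value useless.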