3 answers

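Contributed 1850 experience points, received more than 11 likes
Users can still browse your website because the cookies are not cleared when you call FormsAuthentication.SignOut(), and they are authenticated on every new request. The MS documentation says the cookie will be cleared, but it is not. A bug? It is exactly the same with Session.Abandon(): the cookie is still there.
You should change your code to this: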
FormsAuthentication.SignOut();
Session.Abandon();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
// clear session cookie (not necessary for your current problem but I would recommend you do it anyway)
SessionStateSection sessionStateSection = (SessionStateSection)WebConfigurationManager.GetSection("system.web/sessionState");
HttpCookie cookie2 = new HttpCookie(sessionStateSection.CookieName, "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
FormsAuthentication.RedirectToLoginPage();
HttpCookie is in the System.Web namespace. MSDN reference.
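The sign-out sequence from the answer above, as an added example that is not part of the original post: it also copies the configured path, domain and Secure setting onto the expiring forms cookie, because a browser only overwrites a cookie whose name, domain and path match the one it stored. The class and method names are hypothetical, and the no-cache headers at the end are an assumption about the symptom (authenticated pages redisplayed from the browser cache).

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.Security;

// Hypothetical helper; call it from the logout action or page.
public static class LogoutHelper
{
    public static void SignOutAndExpireCookies(HttpContextBase context)
    {
        FormsAuthentication.SignOut();
        if (context.Session != null)
        {
            context.Session.Abandon();
        }

        // Expire the forms authentication cookie. Path and Domain must match
        // the values the cookie was issued with, or the browser keeps the old one.
        var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "")
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL
        };
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
        {
            authCookie.Domain = FormsAuthentication.CookieDomain;
        }
        context.Response.Cookies.Add(authCookie);

        // Expire the session cookie, using the name configured in web.config.
        var sessionState = (SessionStateSection)
            WebConfigurationManager.GetSection("system.web/sessionState");
        var sessionCookie = new HttpCookie(sessionState.CookieName, "")
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true
        };
        context.Response.Cookies.Add(sessionCookie);

        // Assumption: keep the browser from showing cached authenticated pages.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        context.Response.Cache.SetNoStore();
    }
}
```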

Contributed 1813 experience points, received more than 2 likes
It sounds like you have not set up the authorization section of your web.config properly. See the example below.
<authentication mode="Forms">
  <forms name="MyCookie" loginUrl="Login.aspx" protection="All" timeout="90" slidingExpiration="true"></forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>