In Asp.net, the instance code of the Session or Cookie is cleared during secure exit, and the session is safely exited.
Overview:
Click exit in the website. If you only redirect to the logon/exit page, enter a page address such as the homepage in the address bar of the browser, and you will find that you can access it without logging on. This so-called exit is not safe.
So how can we exit safely?
That is, click to exit and clear the corresponding Session or Cookie.
Clear the Session code:
Session.Clear();Session.Abandon();
The correct code for clearing the Cookie (assuming the Cookie name is UserInfo ):
if (Request.Cookies["UserInfo"] != null){Response.Cookies["UserInfo"].Expires = DateTime.Now.AddDays(-1);}
To clear all cookies, traverse:
for (int i = 0; i <Response.Cookies.Count; i++){Response.Cookies[i].Expires = DateTime.Now.AddDays(-1);}
Error code for clearing the Cookie (assuming the Cookie name is UserInfo ):
if (Request.Cookies["UserInfo"] != null){Response.Cookies.Remove("UserInfo");}
You will find that, after such processing, the Cookie still exists. Why can't it be deleted? Let's take a look at the source code of. NET's HttpCookieCollection implementation:
public void Remove(string name){if (this._response != null){this._response.BeforeCookieCollectionChange();}this.RemoveCookie(name);if (this._response != null){this._response.OnCookieCollectionChange();}}
This operation deletes the cookie in the HttpCookieCollection set. When the Server transfers data to the client, it does not contain any information about the Cookie that has been deleted on the server, the browser will not make any changes to the cookie (the remove method only prevents the server from sending the deleted cookie to the client, and this cookie is not left in the client ). Therefore, the cookie cannot be deleted.
Since Response. cookies. there is no way to implement the effect we need to Remove. Why does Microsoft keep it? Because CookieCollection implements the ICollection interface, romove is a required method, although it has little practical value. The romove of the set should also be implemented in this way, but Microsoft did not clearly describe it when writing MSDN, which caused us a lot of trouble.
The following summarizes several methods for implementing Security Exit:
1). Exit with server controls such as Linkbutton and Button.
This method is best handled: simply write the code to clear the Session or Cookie in the event corresponding to the server control.
2) Use HTML tags such as <a> logout </a> to exit
For the special mark <a> </a>, you can do this:<A href = "logout. aspx"> log out </a>
In the Page_Load event of logout. aspx, write the code to clear the Session or Cookie.
For HTML tags such as <a> </a>, you can use Js-Ajax or jQuery-Ajax in the corresponding client events marked by HTML (. to clear the Session or Cookie.
For HTML tags such as <a> </a>, you can also add a server control such as a Button on the current page, use div to include it, and hide it (note: hidden and invisible. The server attribute Visible = False can only be used to set the display: none; of the div.) Compile the code to clear the Session or Cookie in the server event Cilck of the Button; then, you can use Js or jQuery to call the Click Event of the Button control in the corresponding client event marked in HTML (set the Button to hide by using the Server property Visible = False, js or jQuery calls the Button control's Click event will be invalid ).
The above section describes the instance code for clearing the Session or Cookie during secure exit of Asp.net. I hope it will help you. If you have any questions, please leave a message, the editor will reply to you in a timely manner. Thank you very much for your support for the help House website!