我使用以下代码在我的asp.net mvc(C#)应用程序中设置cookie:
public static void SetValue(string key, string value, DateTime expires)
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
_request = httpContext.Request;
_response = httpContext.Response;
HttpCookie cookie = new HttpCookie(key, value) { Expires = expires };
_response.Cookies.Set(cookie);
}
我需要在用户点击退出时删除Cookie。使用“清除/删除”不会删除/删除设置的cookie。代码如下:
public static void Clear()
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
_request = httpContext.Request;
_response = httpContext.Response;
_request.Cookies.Clear();
_response.Cookies.Clear();
}
public static void Remove(string key)
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
_request = httpContext.Request;
_response = httpContext.Response;
if (_request.Cookies[key] != null)
{
_request.Cookies.Remove(key);
}
if (_response.Cookies[key] != null)
{
_response.Cookies.Remove(key);
}
}
我已尝试过上述两种功能,但当我尝试检查存在时,cookie仍然存在。
public static bool Exists(string key)
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
_request = httpContext.Request;
_response = httpContext.Response;
return _request.Cookies[key] != null;
}
这可能有什么问题?或者我要删除/删除cookie需要做什么?
答案 0 :(得分:53)
清除响应的cookie不会指示浏览器清除cookie,它只是不会将cookie发送回浏览器。要指示浏览器清除cookie,您需要告诉它cookie已过期,例如
public static void Clear(string key)
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
_response = httpContext.Response;
HttpCookie cookie = new HttpCookie(key)
{
Expires = DateTime.Now.AddDays(-1) // or any other time in the past
};
_response.Cookies.Set(cookie);
}
答案 1 :(得分:4)
请求和响应对象中的Cookie集合不是浏览器中Cookie的代理,它们是浏览器发送给您的一组Cookie,然后您发回。如果您从请求中删除cookie,那么它完全是服务器端,如果您在响应中没有cookie,那么您就不会将任何内容发送回客户端,这不会改变浏览器中的cookie集。所有
要删除Cookie,请确保在响应Cookie集合中 ,但过去有过期时间。
答案 2 :(得分:4)
只是为了添加其他东西,我也将值传回null,例如。
public static void RemoveCookie(string cookieName)
{
if (HttpContext.Current.Response.Cookies[cookieName] != null)
{
HttpContext.Current.Response.Cookies[cookieName].Value = null;
HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddMonths(-1);
}
}
答案 3 :(得分:3)
实现此目的的最佳方法是使用像Reflector这样的工具,看看System.Web.Security.FormsAuthentication.SignOut方法如何实现删除身份验证cookie。
在Reflector中,打开System.Web并导航到FormsAuthentication对象并找到SignOut方法。右键单击它并选择“Disassemble”(从菜单中选择您的语言)。
<强> VB.NET 强>
Public Shared Sub SignOut()
FormsAuthentication.Initialize
Dim current As HttpContext = HttpContext.Current
Dim flag As Boolean = current.CookielessHelper.DoesCookieValueExistInOriginal("F"c)
current.CookielessHelper.SetCookieValue("F"c, Nothing)
If (Not CookielessHelperClass.UseCookieless(current, False, FormsAuthentication.CookieMode) OrElse current.Request.Browser.Cookies) Then
Dim str As String = String.Empty
If (current.Request.Browser.Item("supportsEmptyStringInCookieValue") = "false") Then
str = "NoCookie"
End If
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, str)
cookie.HttpOnly = True
cookie.Path = FormsAuthentication._FormsCookiePath
cookie.Expires = New DateTime(&H7CF, 10, 12)
cookie.Secure = FormsAuthentication._RequireSSL
If (Not FormsAuthentication._CookieDomain Is Nothing) Then
cookie.Domain = FormsAuthentication._CookieDomain
End If
current.Response.Cookies.RemoveCookie(FormsAuthentication.FormsCookieName)
current.Response.Cookies.Add(cookie)
End If
If flag Then
current.Response.Redirect(FormsAuthentication.GetLoginPage(Nothing), False)
End If
End Sub
以上面的例子为例,我能够在共享程序集中创建一个名为RemoveCookie()的常用方法,代码如下:
<强> VB.NET 强>
''' <summary>
''' Method to remove a cookie
''' </summary>
''' <param name="key">Key</param>
''' <remarks></remarks>
Public Shared Sub RemoveCookie(ByVal key As String)
' Encode key for retrieval and remove cookie
With HttpContext.Current
Dim cookie As New HttpCookie(.Server.UrlEncode(key))
If Not IsNothing(cookie) Then
With cookie
.HttpOnly = True
.Expires = New DateTime(&H7CF, 10, 12)
End With
' Remove from server (has no effect on client)
.Response.Cookies.Remove(.Server.UrlEncode(key))
' Add expired cookie to client, effectively removing it
.Response.Cookies.Add(cookie)
End If
End With
End Sub
使用FireBug和FireBug的Cookie加载项(在FireFox中)测试了这个,我可以证明cookie立即被删除。
如有任何问题,请随时给我发消息。
答案 4 :(得分:1)
玩了一段时间,在这里尝试了所有其他答案后,我发现这里的答案都不是完全正确的。
正确的部分是您必须发送过期的cookie才能进行删除。没有其他人会注意到的部分(但在Ed DeGagne发布的Microsoft代码中得到了证明)是,删除的cookie选项必须与最初用于设置cookie的cookie选项完全匹配。
例如,如果最初使用HttpOnly选项创建了cookie,则在删除cookie时也必须设置此选项。我希望确切的行为会随浏览器的不同而变化,并且可能会随着时间的推移而变化,因此,可以长期有效的唯一安全选项是,确保删除响应中的所有cookie选项都完全匹配最初用于创建cookie的cookie选项。
答案 5 :(得分:0)
Response.Cookies [“ key”]。Expires = DateTime.Now;