locked
request new login at new session RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User1191665739 posted

    Hi..

    I have login with owin and claims....i need that when user reopen my app after close navigator  request login(actually app is keeping autentication :( ...)..how i can disable this implicit  option like "remeber me".?

    Tuesday, March 8, 2016 10:13 PM

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User614698185 posted

    Hi Elvin Diz,

    The session ID is identified by the cookie ASP.NET places in the browser. And even if you abandon session, ASP.NET will reuse it if the cookie is there. You need to remove that cookie by setting its expiration date like below:

    HttpCookie mycookie =  new HttpCookie("ASP.NET_SessionId");
mycookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(mycookie);

    This will force ASP.NET to regenerate a new session ID.

    Best Regards,

    Candice Zhou

    Wednesday, March 9, 2016 5:12 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1779161005 posted

    The cookie authentication mechanism in OWIN/Katana has nothing to do with session state.

    If you do not want to allow persistent authentication cookies, then don't set the IsPeristent flag on the AuthenticationProperties when signing the user in on your login page. Also, don't show the "remember me" on your login page.

    https://msdn.microsoft.com/en-us/library/microsoft.owin.security.authenticationproperties%28v=vs.113%29.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 15, 2016 2:28 PM