How to clear/reset/renew Session Cookie in ASP.NET Core (Razor Pages) app on login or logout


I am trying to get a new value for the Session Cookie for every new login. Basically, the value in the screenshot below should have a new random string every time a user logs in. This is to avoid Session Fixation.

I have tried the following:

On login:

Response.Cookies.Delete(".AspNetCore.Session");

HttpContext.Request.Cookies[".AspNetCore.Session"] = "123132" //does not allow to be set

On log out:

HttpContext.Session.Clear();

Response.Clear();

Session.Abandon() // Abandon is no longer available

But the value of the Session Cookie just does not change. Any guidance is greatly appreciated.

[Screenshot: Session Cookie on Browser Inspect]


There is 1 answer

5
Qing Guo On BEST ANSWER

Try to use Response.Cookies.Delete(".AspNetCore.Session"); in Logout to delete the cookie.

Below is a working demo you can refer to:

On login:

Response.Cookies.Append("Test_cookie", "yo");

On log out:

Response.Cookies.Delete("Test_cookie");

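Added example, not code from the question or the answer: one way to apply the cookie deletion above to the session cookie itself, on both login and logout, so the next request starts under a new session key. `SessionRenewal` and its method names are hypothetical; the sketch assumes `AddSession()`/`UseSession()` and cookie authentication are registered and that the session cookie keeps its default name.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Session;

// Hypothetical helper, not part of ASP.NET Core.
public static class SessionRenewal
{
    // Empty the entries stored under the current session key and tell the
    // browser to discard the cookie that carries that key. The session
    // middleware generates a new key on a later request that arrives without
    // the cookie and writes to the session.
    public static void DropSession(this HttpContext ctx)
    {
        ctx.Session.Clear();
        // SessionDefaults.CookieName is ".AspNetCore.Session"; if
        // SessionOptions.Cookie.Name was customised, delete that name instead.
        ctx.Response.Cookies.Delete(SessionDefaults.CookieName);
    }

    // Call from the login handler after the credentials have been verified.
    public static async Task SignInWithFreshSessionAsync(
        this HttpContext ctx, string userName)
    {
        ctx.DropSession();
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, userName) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        // SignInAsync issues a new authentication cookie for this login.
        await ctx.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));
        // Do not write to ctx.Session for the rest of this request: it is
        // still bound to the old key. Redirect, then populate the session
        // on the following request.
    }

    // Call from the logout handler.
    public static async Task SignOutAndDropSessionAsync(this HttpContext ctx)
    {
        ctx.DropSession();
        await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    }
}
```

The cookie value shown in the browser changes only after the redirect, once a request without the old cookie writes to the session again.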