I just set this cookie to be expired as a normal cookie by setting its expiry date to -1d.
Testers says __RequestVerificationToken_Lw__ cookies should be expired on logout?
-
28-06-2022 - |
Domanda
I am working on a MVC 4 web site, tester has informed me on Logout .ASPXAUTH cookies expired automatically but RequestVerificationToken_Lw cookies do not expires.
I am not sure is RequestVerificationToken_Lw suppose to expire on logout ? On logout user is returned to logon page which do not have Html.AntiForgeryToken() used in it. Any guidline please how I can set RequestVerificationToken_Lw to be expired on logout ?
Thanks for your help and guidance.
Soluzione 2
Altri suggerimenti
Why you need VerificationToken for the logout , its dont have any sense.. This is just protecting vs cross-site-scripting and fired all time when something changes in Cookie objects like FormAuthenticated values or some form data just it.
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow