Question

I am currently studying the new ASP.NET Identity and OWIN authentication so that I can customize it for my own use. I just created a default MVC 5 application and came across this piece of code:

    private async Task SignInAsync(ApplicationUser user, bool isPersistent)
    {
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); /// WHY??
        var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
        AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
    }

The Question

Is there any security risk to leaving an External Cookie?


Solution

It turns out that the purpose of that line is to deactivate the external cookie that was obtained from the third-party provider, since the intention is to transfer the identity of the user from the third party to the local identity.

Not doing so would cause the cookie to remain valid even after the user has signed out.
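The flow the answer describes, shown end to end as an added example that is not part of the original post or the template's exact code. It assumes the default MVC 5 template's `ApplicationUser` type and a `UserManager` property; the `LogOff` action that names both cookie types is this example's own choice.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Sketch of the external-login path in an MVC 5 AccountController.
// Assumption: ApplicationUser and UserManager come from the project template.
public class AccountController : Controller
{
    public UserManager<ApplicationUser> UserManager { get; set; }
    private IAuthenticationManager AuthenticationManager { get { return HttpContext.GetOwinContext().Authentication; } }

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        // The provider middleware stored the third-party identity in the ExternalCookie; read it back.
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null) return RedirectToAction("Login");
        var user = await UserManager.FindAsync(loginInfo.Login);
        if (user == null) return RedirectToAction("Login"); // no linked local account
        await SignInAsync(user, isPersistent: false);
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl); // only follow local return URLs
        return RedirectToAction("Index", "Home");
    }

    private async Task SignInAsync(ApplicationUser user, bool isPersistent)
    {
        // The external identity has served its purpose: expire its cookie before issuing the local one.
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
        AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, identity);
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        // Name both cookie types so a leftover external cookie is cleared along with the session.
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie, DefaultAuthenticationTypes.ExternalCookie);
        return RedirectToAction("Index", "Home");
    }
}
```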

License: CC-BY-SA with attribution
Not affiliated with StackOverflow