我有一個帶有 .net core 和 reactjs 的專案。我可以成功創建 cookie,但是在我的注銷方法中,我無法使用 response.cookies 方法獲取 cookie 來洗掉 cookie。我想要的只是洗掉cookie。這是我的后端代碼:
[HttpPost]
public async Task<IActionResult> Login(User user)
{
var userDb = await _creditTrackerContext.Users.FirstOrDefaultAsync(x => x.UserName == user.UserName && x.Password == user.Password);
if (userDb is not null && user.UserName == userDb.UserName && user.Password == userDb.Password)
{
var jwt = _jwtService.Generate(userDb.Id);
Response.Cookies.Append("jwt", jwt, new CookieOptions
{
HttpOnly = true,
IsEssential = true,
SameSite = SameSiteMode.None,
Secure = true,
});
return Ok(new
{
message = "success"
});
}
return BadRequest(new { message = "Invalid Credentials" });
}
[HttpGet]
public async Task<IActionResult> getAuthenticatedUser()
{
try
{
var jwt = Request.Cookies["jwt"];
var token = _jwtService.Verify(jwt);
int ID = Convert.ToInt32(token.Issuer);
var user = await _creditTrackerContext.Users.FindAsync(ID);
return Ok(user);
}
catch (Exception _ex)
{
return Unauthorized(_ex);
}
}
[Route("Logout")]
[HttpPost()]
public IActionResult Logout()
{
try
{
Response.Cookies.Delete("jwt");
return Ok(new
{
message = "success logout"
});
}
catch (Exception _ex)
{
throw new Exception("",_ex);
}
}
這是我從前端注銷的呼叫:
console.log('test')
const URL = 'https://localhost:44337/api/user/logout'
fetch(URL,{
method:'POST',
headers:{'Content-Type':'application/json'},
credentials:'include'
}).then( setRedirect(true))
}
而且我還看到了一些關于在非公共成員中啟用 cookie 解碼屬性的內容,但我沒有得到興趣。提前謝謝
uj5u.com熱心網友回復:
您不能通過以下方式洗掉瀏覽器中的 cookie:
Response.Cookies.Delete("jwt");
相反,您需要創建一個具有相同名稱但過期日期為過去的新 cookie。
像這樣的東西:
if (Request.Cookies["jwt"] != null)
{
var c = new HttpCookie("jwt")
{
Expires = DateTime.Now.AddDays(-1)
};
Response.Cookies.Add(c);
}
但是,存盤未加密的令牌是一個壞主意。我會將它添加到 ASP.NET Core 會話 cookie 中,因為這樣我就知道資料在添加為 cookie 之前已正確加密。
轉載請註明出處,本文鏈接:https://www.uj5u.com/gongcheng/398169.html
