asp.net - 拒绝访问持久性 cookie

Question

如果有人从星巴克登录电脑（例如），他们不小心选中了“记住我”选项，从而在该电脑上设置了一个持久性 cookie，有没有办法在不改变 cookie 名称的情况下从服务器拒绝该 cookie在 web.config 中？

Answer 1

我通过在 web.config 中设置 machineKey 并在更改用户名/密码时更改它来解决这个问题（实际上是一段时间）：

 Sub ChangeMachineKey()
    Dim commandLineArgs As String() = System.Environment.GetCommandLineArgs()
    Dim decryptionKey As String = CreateMachineKey(64)
    Dim validationKey As String = CreateMachineKey(128)
    'HttpContext.Current.Response.Write(decryptionKey + "<br />" + validationKey + "<hr />")
    Dim filename As String = HttpContext.Current.Server.MapPath("~/Web.config")
    Dim XmlReader As XmlTextReader = New XmlTextReader(filename)

    Dim xDoc As XmlDocument = New XmlDocument()
    xDoc.Load(XmlReader)
    XmlReader.Close()

    Dim Node As System.Xml.XmlNode = xDoc.SelectSingleNode("//configuration/system.web/machineKey")
    Node.Attributes.GetNamedItem("validationKey").Value = validationKey
    Node.Attributes.GetNamedItem("decryptionKey").Value = decryptionKey
    xDoc.Save(filename)
End Sub

Public Shared Function CreateMachineKey(ByVal numBytes As Integer) As String
    Dim Random As Byte() = New Byte(numBytes / 2 - 1) {}
    Dim rng As New RNGCryptoServiceProvider()
    rng.GetBytes(Random)
    Dim machineKey As New System.Text.StringBuilder(numBytes)
    Dim i As Integer = 0
    Do While i < Random.Length
        machineKey.Append(String.Format("{0:X2}", Random(i)))
        i += 1
    Loop
    Return machineKey.ToString()
End Function

这会迫使每个人重新登录，但由于只有一个管理员帐户，它对我来说非常有效！