How to clear/reset/renew Session Cookie in ASP.net core (Razor pages) app on login or logout
I am trying to get a new value for the Session Cookie for every new login. Basically, the value in the screenshot below should have a new random string every time a user logs in. This is to avoid Session Fixation.
I have tried the following :
On login :
Response.Cookies.Delete(".AspNetCore.Session");
HttpContext.Request.Cookies[".AspNetCore.Session"] = "123132" //does not allow to be set
On log out :
HttpContext.Session.Clear();
Response.Clear();
Session.Abandon() // Abandon is no longer available
But the value of the Session Cookie just does not change. Any guidance is greatly appreciated.
Solution
Try to use Response.Cookies.Delete(".AspNetCore.Session"); in Logout to delete the cookie
Below is a work demo, you can refer to it,
On login :
Response.Cookies.Append("Test_cookie", "yo");
On log out :
Response.Cookies.Delete("Test_cookie");
Result:
- Implement dotnet core Identity Provider server for Google
- ASP.Net Core API failing when I try to return results from Active Directory search and some values are empty
- View is not found when a Web App is deployed with Azure DevOps
- Set Log Levels for Microsoft.* , System, and AspNet when using Serilog
- tsconfig.json: Build:No inputs were found in config file
- Docker: No frameworks and runtimes were found (.NET 8)
- Logging in ASP.NET Core Main
- System.Net.Http vs Microsoft.Net.Http
- Get caller info for injected service in .NET Core
- LINQ Query Translation Error with Array of Search Queries in EF Core
- Cannot export file on .NET Core application
- Using ASP.Net Core Identity for Razor page web app and MAUI app
- Store does not implement IUserRoleStore<TUser> ASP.NET Core Identity
- Usehealthchecks vs Maphealthchecks
- How to resolve "TypeError: Failed to fetch" error on Blazor?
- @Html.Action in Asp.Net Core
- Why does ASP.NET Core 9 strip out importmap?
- Exclude specific endpoint serilog logging using aspnet core
- Why use AddScoped() instead of AddSingleton()?
- Blazor requesting a json file
- ASP.NET Core clear cache from IMemoryCache (set by Set method of CacheExtensions class)
- EF Core multitenacy, different schema. EF Core does not change the table schema when the API is at runtime
- NLOG Database Target can't connect
- Entity Framework Core: `SqlNullValueException: Data is Null.` How to troubleshoot?
- Partial views no longer get View Data after upgrading from .NET Core 2.2 to .NET 5
- How to use UIAutomation in .NET 5 or .NET 6
- How can I set permissions to a specific folder with Elastic Beanstalk using a C# ASP.NET Core app?
- How do the ASP.NET Core 5 OpenIdConnect authentication cookies work in theory?
- Programmatically generating request verification token
- In .net core how to download a static file with special extension in web root?