Sunday, 15 January 2012

javascript - Cookie staying around after I delete it and refresh -




I'm trying to remove the user's authentication cookie using $cookieStore.remove('.aspxauth'), but if I refresh the page afterwards, the cookie still exists and the page is still available instead of the user being redirected to the login page as I expect.

Why is the user still able to view the page after I delete the authentication cookie and refresh the page?

I'm afraid there isn't much you can do with an HTTP-only cookie from JavaScript. The backend has to remove it if it's HTTP-only. You can trigger a logout using AJAX.

$http.get("/logout");

The other alternative is to use a non-HTTP-only cookie that you can modify with JavaScript. That makes you vulnerable, with the unsafe risk of an XSS flaw grabbing the cookie and allowing the session to be hijacked.

PS: Try the HEAD request method if you don't want to load the page that follows (it might work as a "do-and-forget-about-it").

$http.head("/logout");
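The behaviour described in the answer, as an added example that is not part of the original post: a simplified model of the RFC 6265 storage rules showing why a script-side delete leaves an HttpOnly cookie in place while a Set-Cookie from the backend removes it. CookieJar, expireCookieHeader and demo are hypothetical names, the ticket value is constructed, and cookies are keyed by name only (real browsers also key on domain and path).

```javascript
// Simplified cookie jar. fromHttp=true models a Set-Cookie response header;
// fromHttp=false models a script write (document.cookie, $cookieStore).
class CookieJar {
  constructor() { this.store = new Map(); }

  set(cookieString, fromHttp) {
    const [pair, ...attrs] = cookieString.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return false;
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    let httpOnly = false, expires = null;
    for (const a of attrs) {
      const [k, v] = a.split('=');
      const key = k.toLowerCase();
      if (key === 'httponly') httpOnly = true;
      if (key === 'expires') expires = Date.parse(v);
      if (key === 'max-age') expires = Date.now() + Number(v) * 1000;
    }
    const old = this.store.get(name);
    // RFC 6265 section 5.3: a non-HTTP API may neither create an HttpOnly
    // cookie nor replace (and so delete) an existing HttpOnly cookie.
    if (!fromHttp && (httpOnly || (old && old.httpOnly))) return false;
    if (expires !== null && expires <= Date.now()) { this.store.delete(name); return true; }
    this.store.set(name, { value, httpOnly });
    return true;
  }
  scriptVisible() { return [...this.store].filter(([, c]) => !c.httpOnly).map(([n]) => n); }
  sentToServer() { return [...this.store.keys()]; }
}

// What the backend's /logout response has to send: same name and path, expiry in the past.
function expireCookieHeader(name) {
  return `${name}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly`;
}

function demo() {
  const jar = new CookieJar();
  jar.set('.aspxauth=constructed-ticket; Path=/; HttpOnly', true);   // login response
  const scriptVisible = jar.scriptVisible();                         // script cannot even see it
  const scriptDelete = jar.set('.aspxauth=; Expires=Thu, 01 Jan 1970 00:00:00 GMT', false);
  const afterScript = jar.sentToServer();                            // still sent on refresh
  jar.set(expireCookieHeader('.aspxauth'), true);                    // /logout response
  return { scriptVisible, scriptDelete, afterScript, afterLogout: jar.sentToServer() };
}

console.log(demo());
```

An expired cookie is not a revoked ticket: a copy of the old value taken before logout is still accepted by the server until the ticket itself expires, unless the backend also invalidates the session on its side.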

javascript angularjs asp.net-mvc-4 cookies cookiestore
