How can I prevent the browser from keeping the login after sign-in, so that the user is not still signed in after closing and reopening the browser?
This is my login controller action:
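/// <summary>
/// Handles the submitted login form: re-displays the form when the model is invalid,
/// otherwise attempts a password sign-in and maps the resulting <c>SignInStatus</c>
/// to a view or a redirect.
/// </summary>
/// <param name="model">Posted e-mail, password and "remember me" choice.</param>
/// <param name="returnUrl">
/// URL forwarded to the <c>SendCode</c> step; it is not used when sign-in succeeds directly.
/// </param>
/// <returns>
/// A redirect to <c>RedirectLogin</c> on success, the <c>Lockout</c> view when the account is
/// locked out, a redirect to <c>SendCode</c> when verification is required, and the login view
/// with a model error otherwise.
/// </returns>
// NOTE(review): no attributes are visible in this snippet; confirm the action is declared
// with [HttpPost] and [ValidateAntiForgeryToken].
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // The third argument is isPersistent: when model.RememberMe is true the authentication
    // cookie is written as a persistent cookie and survives a browser restart.
    // NOTE(review): shouldLockout: false means failed password attempts do not count toward
    // account lockout, which leaves password guessing unthrottled at this layer.
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);

    // The unused ExpandedUserDTO local and the second UserManager.FindAsync call were removed:
    // their results were never read, and FindAsync verified the password a second time.
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToAction("RedirectLogin");
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            // NOTE(review): returnUrl is passed on unvalidated; whichever action finally
            // redirects to it should check Url.IsLocalUrl first. Verify downstream.
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        case SignInStatus.Failure:
        default:
            // One generic message for every failure, so the response does not reveal
            // whether the e-mail or the password was the wrong part.
            ModelState.AddModelError("", "Falha ao Realizar login, usuário ou senha incorretos.");
            return View(model);
    }
}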
Upvotes: 0
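The third parameter to SignInManager.PasswordSignInAsync (isPersistent) determines whether or not the authentication cookie will persist after the browser is closed. If you don't want the cookie to persist, always pass in false for this parameter. A non-persistent cookie is a session cookie, so a browser that is set to restore its previous session can still bring it back; the expiry configured for the authentication cookie limits how long it remains valid.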
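See the documentation for this method here (the link documents the ASP.NET Core version; the third parameter has the same meaning in the ASP.NET Identity version used in the question) - https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.identity.signinmanager-1.passwordsigninasync?view=aspnetcore-2.2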
You could try making the following changes:
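/// <summary>
/// Handles the submitted login form and always signs the user in with a non-persistent
/// (session) cookie, regardless of the "remember me" value posted in the model.
/// </summary>
/// <param name="model">Posted e-mail and password; <c>RememberMe</c> is ignored here.</param>
/// <param name="returnUrl">
/// URL forwarded to the <c>SendCode</c> step; it is not used when sign-in succeeds directly.
/// </param>
/// <returns>
/// A redirect to <c>RedirectLogin</c> on success, the <c>Lockout</c> view when the account is
/// locked out, a redirect to <c>SendCode</c> when verification is required, and the login view
/// with a model error otherwise.
/// </returns>
// NOTE(review): no attributes are visible in this snippet; confirm the action is declared
// with [HttpPost] and [ValidateAntiForgeryToken].
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // isPersistent is hard-coded to false so the authentication cookie is a session cookie
    // and is not written with an expiry that outlives the browser session.
    // NOTE(review): shouldLockout: false means failed password attempts do not count toward
    // account lockout, which leaves password guessing unthrottled at this layer.
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, false, shouldLockout: false);

    // The unused ExpandedUserDTO local and the second UserManager.FindAsync call were removed:
    // their results were never read, and FindAsync verified the password a second time.
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToAction("RedirectLogin");
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            // RememberMe stays false through the verification step as well, so completing
            // it does not reintroduce a persistent cookie.
            // NOTE(review): returnUrl is passed on unvalidated; whichever action finally
            // redirects to it should check Url.IsLocalUrl first. Verify downstream.
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false });
        case SignInStatus.Failure:
        default:
            // One generic message for every failure, so the response does not reveal
            // whether the e-mail or the password was the wrong part.
            ModelState.AddModelError("", "Falha ao Realizar login, usuário ou senha incorretos.");
            return View(model);
    }
}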
Upvotes: 2