asp.net-coresession-cookiesrazor-pagessession-fixation
How to clear/reset/renew Session Cookie in ASP.net core (Razor pages) app on login or logout
I am trying to get a new value for the Session Cookie for every new login. Basically, the value in the screenshot below should have a new random string every time a user logs in. This is to avoid Session Fixation.
I have tried the following :
On login :
Response.Cookies.Delete(".AspNetCore.Session");
HttpContext.Request.Cookies[".AspNetCore.Session"] = "123132" //does not allow to be set
On log out :
HttpContext.Session.Clear();
Response.Clear();
Session.Abandon() // Abandon is no longer available
But the value of the Session Cookie just does not change. Any guidance is greatly appreciated.
Solution
Try to use Response.Cookies.Delete(".AspNetCore.Session"); in Logout to delete the cookie
Below is a work demo, you can refer to it,
On login :
Response.Cookies.Append("Test_cookie", "yo");
On log out :
Response.Cookies.Delete("Test_cookie");
Result:
- Kestrel ignores certificate configuration in code
- Conditional not working in ASP.NET Core 7 Razor view
- Get null in controller when implementing IEnumerable in ASP NET model
- Directory.Build.props only respected when building .sln file
- What is the next step after login for frontend? I am working with .NET 8 Blazor Web App InteractiveAuto
- Are C# 9 'init' properties safe to use for configuration binding (IOptions)?
- How do I run npm build as part of dotnet publish
- Integration test with WebApplicationFactory fails with ObjectDisposedException for IServiceProvider
- Does .NET Core IServiceScopeFactory child scope dispose transient services?
- ServiceCollection does not contain a definition from "AddLogging"
- Token Request Failing and Returning error invalid grant
- How to extend existing third party model?
- Dependency injection approach for object used only in a single method
- How to use appsettings.json in Asp.net core 6 Program.cs file
- ASP.NET Core absolutely refuses to host on other port
- Asp.net core keep using the expired certificate
- Adding classes to Blazor(Razor) Validation
- How can you split the Query / Mutation / Subscription type into multiple files with HotChocolate GraphQL?
- Middleware that calls other middlewares
- Asp.Net Core - The configured user limit (128) on the number of inotify instances has been reached
- Locale "ar-KW" is not getting listed CultureInfo.GetCultures(CultureTypes.AllCultures) in Windows10 .NET 8 Blazor WASM
- Returning Values to Razor Page - Confused Javascript or .cs?
- After Get success, why does first Angular 9 Put request succeed on MVC Core 2.2 API Controller, but fails on next PUT with http err 302 and/or 503?
- Entity Framework search multiple words
- 'Access-Control-Allow-Origin' in ASP.NET Core 6
- How to run dotnet tests in a specific environment?
- How can I make my Blazor Web App save the login infor entered as it would in InteractiveServer but still be able to use the HttpContext for login?
- Exchanging a google idToken for local openId token c#
- Is the ConfigureApplicationCookie(...) designed to allow us to configure an existing cookie by default in the default scheme (Cookies)?
- ASP.NET Azure AD / Entra Authentication - App roles in token, but not being assigned to principal