AuthServer SSO, Blazor Cookies Not expired #8600


heshengli created
  • ABP Framework version: v7.2.2
  • UI Type: Blazor Server
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:
  • This project adds the SameSiteCookiesServiceCollectionExtensions method

Blazor Cookies Not expired


8 Answer(s)
  • Anjali_Musmade created
    Support Team Support Team Member

    Hello

    Can you please check this document: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-8.0 It will help you.

    Thank you.

  • maliming created
    Support Team Fullstack Developer

    hi

    Do you have an online website to reproduce?

    Thanks.

  • heshengli created

    hi

    Do you have an online website to reproduce?

    Thanks.

    Is it possible to have an online meeting?

  • maliming created
    Support Team Fullstack Developer

    You can check and share all HTTP requests during the logout process.

    Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

    liming.ma@volosoft.com

    Thanks.

  • heshengli created

    You can check and share all HTTP requests during the logout process.

    Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

    liming.ma@volosoft.com

    Thanks.

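    When system2 logs out, it clears system2's cookies and the authserver's cookie. The Blazor app that logged in through the authserver is not affected. For example, in the normal case, after logging in successfully at authserver 44322/Account/Login, accessing system2 directly redirects to the authserver login, and when the authserver is already logged in, the login happens automatically. After a successful login, logging out at authserver 44322/Account/Logout does not affect system2's login state. How can I make sure that, when logging out at authserver 44322/Account/Logout, the cookies of all the other subsystems become invalid?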

  • maliming created
    Support Team Fullstack Developer

    hi

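    OpenIddict does not support the Front-Channel Logout and Back-Channel Logout mechanisms.

    If you only have the two clients system1 and system2, you can override the default LogoutController to return a view and add the logout URLs of the 2 clients.

    Add a new endpoint, signout-oidc, in the 2 systems, and sign out if a request reaches it.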

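    <!DOCTYPE html>
    <html>
       <!-- Single braces: the doubled braces are only needed inside a C# format string -->
       <style>iframe{display:none;width:0;height:0;}</style>
       <body>
           <!-- One hidden iframe per client logout URL -->
           <iframe src='https://localhost/signout-oidc'></iframe>
           <iframe src='https://localhost/signout-oidc'></iframe>
       </body>
    </html>
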

    https://github.com/abpframework/abp/blob/rel-7.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs#L12-L24

    https://github.com/openiddict/openiddict-core/issues/312

  • heshengli created

    hi

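    OpenIddict does not support the Front-Channel Logout and Back-Channel Logout mechanisms.

    If you only have the two clients system1 and system2, you can override the default LogoutController to return a view and add the logout URLs of the 2 clients.

    Add a new endpoint, signout-oidc, in the 2 systems, and sign out if a request reaches it.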

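    <!DOCTYPE html>
    <html>
       <!-- Single braces: the doubled braces are only needed inside a C# format string -->
       <style>iframe{display:none;width:0;height:0;}</style>
       <body>
           <!-- One hidden iframe per client logout URL -->
           <iframe src='https://localhost/signout-oidc'></iframe>
           <iframe src='https://localhost/signout-oidc'></iframe>
       </body>
    </html>
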

    https://github.com/abpframework/abp/blob/rel-7.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs#L12-L24

    https://github.com/openiddict/openiddict-core/issues/312

    With FrontChannelLogout, the sid is the user id. Is that valid?

  • maliming created
    Support Team Fullstack Developer

    OpenIddict has no concept of a SessionId. You can add such a claim to the authserver and the clients, and check it.
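
Added example (not part of the thread, and not ABP or OpenIddict code): a client such as system2 combining the two suggestions above, a sign-out endpoint that the auth server's logout view loads in an iframe and a session claim checked on every cookie-authenticated request. The scheme name `Cookies`, the claim name `session_id`, the path `/frontchannel-signout` and the in-memory store are assumptions; the path is deliberately not `/signout-oidc`, because the ASP.NET Core OpenID Connect handler's `RemoteSignOutPath` already defaults to that value.

```csharp
// Program.cs of a client app (web SDK project, implicit usings enabled).
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Authentication;

var builder = WebApplication.CreateBuilder(args);

// Assumption: stand-in for a store shared with the auth server (for example a
// distributed cache), which adds a session id here when the user logs out.
var revoked = new ConcurrentDictionary<string, bool>();

builder.Services.AddAuthentication("Cookies").AddCookie("Cookies", options =>
{
    // Runs on every HTTP request that presents the authentication cookie.
    options.Events.OnValidatePrincipal = async context =>
    {
        // "session_id" is an assumed custom claim issued by the auth server.
        var sid = context.Principal?.FindFirst("session_id")?.Value;
        if (sid is null || revoked.ContainsKey(sid))
        {
            // Cookies without the claim are rejected too.
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync("Cookies");
        }
    };
});

var app = builder.Build();
app.UseAuthentication();

// Hypothetical path, loaded in a hidden iframe by the auth server's logout view.
// If the auth server is on another site, the cookie reaches this request only
// when it was issued with SameSite=None and Secure.
app.MapGet("/frontchannel-signout", async (HttpContext http, string? sid) =>
{
    var current = http.User.FindFirst("session_id")?.Value;
    // Sign out only when the caller names the session this browser holds, so a
    // third-party page cannot end sessions by embedding a bare URL.
    if (current is not null && current == sid)
    {
        revoked.TryAdd(current, true);
        await http.SignOutAsync("Cookies");
    }
    http.Response.Headers["Cache-Control"] = "no-store";
    return Results.Ok();
});

app.Run();
```

A Blazor Server circuit that is already open over WebSockets does not present the cookie again, so it sees the rejection only on its next HTTP request, such as a page reload.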

Made with ❤️ on ABP v9.2.0-preview. Updated on January 08, 2025, 14:09