AuthServer SSO,Blazor Cookies Not expired #8600

8 Answer(s)

• 

  0

  Anjali_Musmade created 4 months ago

  Support Team Member

  Hello

  Can you please check this document https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-8.0 it will helps you.

  Thank you.

  Save Cancel
• 

  0

  maliming created 4 months ago

  Support Team Fullstack Developer

  hi

  Do you have an online website to reproduce?

  Thanks.

  Save Cancel
• 

  0

  heshengli created 4 months ago

  hi

  Do you have an online website to reproduce?

  Thanks.

  是否可以在线会议

  Save Cancel
• 

  0

  maliming created 4 months ago

  Support Team Fullstack Developer

  You can check&share all http requests during the logout process.

  Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

  liming.ma@volosoft.com

  Thanks.

  

  Save Cancel
• 

  0

  heshengli created 4 months ago

  You can check&share all http requests during the logout process.

  Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

  liming.ma@volosoft.com

  Thanks.

  

  system2 退出系统时，清理的是system2 的cookies和authserver 的cookie 。通过authserver 登录的blazor ，不受影响。 比如，一般情况下，autherver 44322/Account/Login ，登录成功后，直接访问system2 ，会重定向到authserver 登录，当authserver 已登录时，自动登录。登录成功后，autherver 44322/Account/Logout 退出登录，不影响system2 的登录状态。如何确保，authserver 44322/Account/Logout 退出登录时，使其他子系统cookie 都失效呢

  Save Cancel
• 

  0

  maliming created 4 months ago

  Support Team Fullstack Developer

  hi

  openiddict 不支持Front-Channel Logout和Back-Channel Logout机制.

  如果你的只有system1和system2这两个客户端, 你可以覆盖默认的LogoutController返回一个view 并添加2个客户端的注销url.

  在2个系统中增加一个新的端点signout-oidc, 如果有请求到达就注销.

  <!DOCTYPE html>
  <html>
     <style>iframe{{display:none;width:0;height:0;}}</style>
     <body>
         <iframe src='https://localhost/signout-oidc'></iframe>
         <iframe src='https://localhost/signout-oidc'></iframe>
     </body>
  </html>
  

  https://github.com/abpframework/abp/blob/rel-7.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs#L12-L24

  https://github.com/openiddict/openiddict-core/issues/312

  Save Cancel
• 

  0

  heshengli created 4 months ago

  hi

  openiddict 不支持Front-Channel Logout和Back-Channel Logout机制.

  如果你的只有system1和system2这两个客户端, 你可以覆盖默认的LogoutController返回一个view 并添加2个客户端的注销url.

  在2个系统中增加一个新的端点signout-oidc, 如果有请求到达就注销.

  <!DOCTYPE html> 
  <html> 
     <style>iframe{{display:none;width:0;height:0;}}</style> 
     <body> 
         <iframe src='https://localhost/signout-oidc'></iframe> 
         <iframe src='https://localhost/signout-oidc'></iframe> 
     </body> 
  </html> 
  

  https://github.com/abpframework/abp/blob/rel-7.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs#L12-L24

  https://github.com/openiddict/openiddict-core/issues/312

  FrontChannelLogout sid 是用户id ，是否有效

  Save Cancel
• 

  0

  maliming created 4 months ago

  Support Team Fullstack Developer

  OpenIddict 中没有SessionId的概念, 你可以添加这样的claim到authserver和客户端中. 并检查它

  Save Cancel