
AuthServer SSO, Blazor Cookies Not expired #8600


0
heshengli created
  • ABP Framework version: v7.2.2
  • UI Type: Blazor Server
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:
  • This project adds the SameSiteCookiesServiceCollectionExtensions method

Blazor Cookies Not expired


8 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Member

    Hello

    Can you please check this document: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-8.0 It will help you.

    Thank you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Do you have an online website to reproduce?

    Thanks.

  • User Avatar
    0
    heshengli created

    hi

    Do you have an online website to reproduce?

    Thanks.

    Is it possible to have an online meeting?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    You can check & share all HTTP requests during the logout process.

    Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

    liming.ma@volosoft.com

    Thanks.

  • User Avatar
    0
    heshengli created

    You can check & share all HTTP requests during the logout process.

    Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

    liming.ma@volosoft.com

    Thanks.

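    When system2 logs out, what gets cleared are system2's cookies and the authserver's cookie. A Blazor app that logged in through the authserver is not affected. For example, in the normal case, after a successful login at authserver 44322/Account/Login, accessing system2 directly redirects to the authserver login, and when the authserver is already logged in, the login happens automatically. After a successful login, logging out at authserver 44322/Account/Logout does not affect system2's login state. How can I make sure that logging out at authserver 44322/Account/Logout invalidates the cookies of all the other subsystems?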

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    OpenIddict does not support Front-Channel Logout and Back-Channel Logout mechanisms.

    If you only have two clients, system1 and system2, you can override the default LogoutController to return a view and add the logout URLs for both clients.

    <!DOCTYPE html>
    <html>
       <style>iframe{display:none;width:0;height:0;}</style>
       <body>
           <!-- one hidden iframe per client sign-out URL -->
           <iframe src='https://localhost/signout-oidc'></iframe>
           <iframe src='https://localhost/signout-oidc'></iframe>
       </body>
    </html>
    

    https://github.com/abpframework/abp/blob/rel-7.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs#L12-L24

    https://github.com/openiddict/openiddict-core/issues/312


    You can maintain an array of client information, and add an iframe for each client to the logout view when logging out from the auth server.
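
One way to build the logout view described in the answer above from a server-side array of clients, as an added example that is not part of the thread or ABP's own code. The client URLs and ports and the `FrontChannelLogoutPage` name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

// Added example: renders the auth server's logout page with one hidden
// iframe per registered client. Class name and URLs are hypothetical.
public static class FrontChannelLogoutPage
{
    // Constructed sample list; keep it in server-side configuration and
    // never fill it from the query string or any other request input.
    public static readonly string[] ClientBaseUrls =
    {
        "https://localhost:44313", // system1 (hypothetical port)
        "https://localhost:44314", // system2 (hypothetical port)
    };

    public static string Build(IEnumerable<string> clientBaseUrls,
                               string signOutPath = "/signout-oidc")
    {
        var html = new StringBuilder();
        html.Append("<!DOCTYPE html><html><head>");
        html.Append("<style>iframe{display:none;width:0;height:0;}</style>");
        html.Append("</head><body>");

        foreach (var baseUrl in clientBaseUrls)
        {
            // Skip anything that is not an absolute https URL.
            if (!Uri.TryCreate(baseUrl, UriKind.Absolute, out var uri)
                || uri.Scheme != Uri.UriSchemeHttps)
            {
                continue;
            }

            // Resolve the sign-out path against the client's origin and
            // HTML-encode it before writing it into the attribute.
            var target = new Uri(uri, signOutPath).AbsoluteUri;
            html.Append("<iframe src=\"")
                .Append(WebUtility.HtmlEncode(target))
                .Append("\"></iframe>");
        }

        html.Append("</body></html>");
        return html.ToString();
    }

    public static void Main() => Console.WriteLine(Build(ClientBaseUrls));
}
```

In the overridden logout action the string can be returned with `Content(html, "text/html")` once the auth server's own sign-out has run. The iframe request only carries a client's authentication cookie when that cookie is allowed in a cross-site context (`SameSite=None; Secure`) and the browser does not block third-party cookies, so clients on other sites than the auth server need their cookie policy checked.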

  • User Avatar
    0
    heshengli created

    For FrontChannelLogout, the sid is the user id; is that valid?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    OpenIddict has no concept of a SessionId. You can add such a claim to the authserver and to the clients, and check it.

Made with ❤️ on ABP v10.0.0-preview. Updated on August 28, 2025, 08:29