Closed

AuthServer SSO,Blazor Cookies Not expired #8600

heshengli created 8 months ago

ABP Framework version: v7.2.2
UI Type: Blazor Server
Database System: EF Core ( PostgreSQL)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Steps to reproduce the issue:
this project add SameSiteCookiesServiceCollectionExtensions method

Blazor Cookies Not expired

8 Answer(s)

0

Anjali_Musmade created 8 months ago
Support Team Member

Hello

Can you please check this document https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-8.0 it will helps you.

Thank you.
0

maliming created 8 months ago
Support Team Fullstack Developer

hi

Do you have an online website to reproduce?

Thanks.
0

heshengli created 8 months ago

hi

Do you have an online website to reproduce?

Thanks.

是否可以在线会议
0

maliming created 8 months ago
Support Team Fullstack Developer

You can check&share all http requests during the logout process.

Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

liming.ma@volosoft.com

Thanks.
0

heshengli created 8 months ago

You can check&share all http requests during the logout process.

Use Chrome to record and export as a HAR file. The HAR file will contain the request and response cookies.

liming.ma@volosoft.com

Thanks.

system2 退出系统时，清理的是system2 的cookies和authserver 的cookie 。通过authserver 登录的blazor ，不受影响。比如，一般情况下，autherver 44322/Account/Login ，登录成功后，直接访问system2 ，会重定向到authserver 登录，当authserver 已登录时，自动登录。登录成功后，autherver 44322/Account/Logout 退出登录，不影响system2 的登录状态。如何确保，authserver 44322/Account/Logout 退出登录时，使其他子系统cookie 都失效呢
0
maliming created 8 months ago
Support Team Fullstack Developer
hi

OpenIddict does not support Front-Channel Logout and Back-Channel Logout mechanisms.

If you only have two clients, system1 and system2, you can override the default LogoutController to return a view and add the logout URLs for both clients.

<!DOCTYPE html> <html> <style>iframe{{display:none;width:0;height:0;}}</style> <body> <iframe src='https://localhost/signout-oidc'></iframe> <iframe src='https://localhost/signout-oidc'></iframe> </body> </html>

https://github.com/abpframework/abp/blob/rel-7.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/LogoutController.cs#L12-L24

https://github.com/openiddict/openiddict-core/issues/312

You can maintain an array of client information, and add an iframe for each client to the logout view when logging out from the auth server.
0

heshengli created 8 months ago

FrontChannelLogout sid 是用户id ，是否有效
0

maliming created 8 months ago
Support Team Fullstack Developer

OpenIddict 中没有SessionId的概念, 你可以添加这样的claim到authserver和客户端中. 并检查它