[Mono-bugs] [Bug 81195][Nor] New - LoginStatus logout does not clear Role cookie [w/ fix]

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Mar 19 21:44:37 EDT 2007 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by mmorano at mikeandwan.us.

http://bugzilla.ximian.com/show_bug.cgi?id=81195

--- shadow/81195	2007-03-19 20:44:37.000000000 -0500
+++ shadow/81195.tmp.16786	2007-03-19 20:44:37.000000000 -0500
@@ -0,0 +1,72 @@
+Bug#: 81195
+Product: Mono: Class Libraries
+Version: 1.2
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: Sys.Web
+AssignedTo: mhabersack at novell.com                            
+ReportedBy: mmorano at mikeandwan.us               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: LoginStatus logout does not clear Role cookie [w/ fix]
+
+When using a LoginStatus control on MS asp.net 2.0 runtime, the cached role
+cookie is removed just as the authentication ticket is removed.  Currently,
+mono properly removes the authentication ticket, but not the roles cookie.
+
+The code below illustrate a solution, so that whenever
+FormsAuthentication.SignOut is called, it will also kill the Roles cookie
+if it is used.  I believe this behavior should be common across all calls
+to signout, rather than localizing the change in the loginstatus control.
+
+Note that the changes to the Roles.DeleteCookie() method is basically a
+copy of the working cookie removal code from FormsAuthentication.SignOut. 
+Without this change, the roles cookie is cleaned up so that it had only an
+empty string as a value, but would not be removed.
+
+
+FormsAuthentication.cs:
+
+Add the following to the end of SignOut() (around line 611):
+
+#if NET_2_0
+            Roles.DeleteCookie();
+#endif
+
+
+
+Roles.cs
+
+Change the DeleteCookie() method to behave more like
+FormsAuthentication.SignOut() (around line 95):
+
+
+        public static void DeleteCookie ()
+        {
+            if (CacheRolesInCookie) {
+                HttpContext context = HttpContext.Current;
+                if (context == null)
+                    throw new HttpException ("Context is null!");
+
+                HttpResponse response = context.Response;
+                if (response == null)
+                    throw new HttpException ("Response is null!");
+
+                HttpCookieCollection cc = response.Cookies;
+                cc.Remove (CookieName);
+                HttpCookie expiration_cookie = new HttpCookie (CookieName, "");
+                expiration_cookie.Expires = new DateTime (1999, 10, 12);
+                expiration_cookie.Path = CookiePath;
+                cc.Add (expiration_cookie);
+            }
+        }
+
+
+Thanks,
+Mike

More information about the mono-bugs mailing list