In my web application, there is a possibility for a user to delete a different user. But I noticed that after the user is deleted, the cookie still remains in the browser of the user, which enables them to navigate the website even though the user does not exist anymore. How do I make so that the cookie is invalid?
Asked
Active
Viewed 178 times
1 Answers
2
write this line of code after deleting the user:
_userManager.UpdateSecurityStamp(userId)
and it should works.
Elyas Esna
- 625
- 4
- 19
-
I used it before I delete the user, nothing changes, probably since no changes have been made to the user yet. I used it after I deleted the user and it can't find the `userId`, since the user is deleted – A. Savva May 21 '18 at 11:32
-
are you using usermanager for deleting the user or db functions? – Elyas Esna May 21 '18 at 11:46
-
if you use this code for deleting the user it shouldn't be any problem: `_userManager.Delete(_userManager.Users.FirstOrDefault(p => p.Id == uderId));` – Elyas Esna May 21 '18 at 11:52
-
I'm using `UserManager`, exactly the way you posted here. The user is deleted, but the cookie of the user remains there. How do I use `UpdateSecurityStamp(userId)` with it? – A. Savva May 21 '18 at 11:56
-
1look at this posts and hope it helps you: [link1](https://stackoverflow.com/a/42065168/4437464) [link2](https://stackoverflow.com/a/38690109/4437464) – Elyas Esna May 21 '18 at 12:17
-
Alright, so you're saying I should decrease the time for validation? I have it every 30 minutes, which is ok, the user won't be able to log in 30 minutes after being deleted. – A. Savva May 21 '18 at 12:57
-
Thanks for the help! – A. Savva May 21 '18 at 12:57