0

So I have a aspnetcore web application that initially (by mistake) issued a cookie with expiration however it was still marked as session (it was missing the AuthenticationProperties.IsPersistent).

I now know that it had to be a persistent cookie.

When new users enter and login, it is ok, the cookie written is persistent. But the previous users may have a problem with this session cookie (it contains a token which expires).

I want to know how can I overwrite this session cookie, or delete it without affecting the other users?

I know another way around would be to rename the aspnetcore authentication cookie name. It will "logout" all users which is ok, but I would still like to avoid it for now.

Thanks

Kat Lim Ruiz
  • 2,425
  • 2
  • 26
  • 32
  • Since the non-persistent cookie will expire when the browser session ends, I wouldn’t worry about those existing users now since when they come back to your application (with their session being expired), they will need to sign in anyway and then they will get the new persistent cookie. – poke Dec 06 '20 at 13:46
  • The issue is the token inside the token expired, so it gives us error while connecting to the backend apis. – Kat Lim Ruiz Dec 06 '20 at 15:54
  • Agree with poke, the non-persistent cookie will expire when the browser session ends. About the token expired, you could check whether it is expired or not in your code, then if it expired, try to re-get it. Besides, you could try to use F12 developer tools to delete the special cookies (Open F12 developer tools, select the "Application" tab, click the "Cookies", right click the special cookies and choose the "Delete" option to delete them). Or you could use JavaScript to [delete the cookie](https://stackoverflow.com/questions/2144386/). – Zhi Lv Dec 07 '20 at 05:34

0 Answers0