Click here to Skip to main content
15,886,026 members
Search within:


How to delete/expire the FedAuth Cookie on closing the application
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi,

I am implementing Single Sign-on using ADFS for an ASP.NET application. A federation cookie is created every time the user logs-in to the application. When the user closes the application, the federation cookie does not expire until the user closes the browser. The federation cookie automatically expires on closing all the browser windows.

I want to delete the federation cookie on clicking the Browser's close(X) button while the other browser windows are still open. The name of the federation cookie varies every time so I cannot delete the cookie based on the cookie name.

How can I remove or expire the federation cookie on closing the browser?
Posted
Add a Solution
Comments
Nathan Minier 3-Sep-14 13:06pm    
Two questions: do you mean tab when you say browser and are you using any JavaScript frameworks?
MikeRox89 3-Sep-14 13:13pm    
Yes, when I close the tab and not the whole browser, the fedauth cookie is not removed.

I am looking for any possible way to solve this. I have tried to change the web.config file 'cookiehandler' but that did not work.

Nathan Minier 3-Sep-14 13:53pm    
I assumed that was the case, default behavior is for cookies to persist until the browser itself is closed. What you'll need to do is write a JavaScript that will delete the cookies, hence my question about if you're using a framework or not.
MikeRox89 3-Sep-14 14:00pm    
Yes.. The code is developed in asp.net using .net framework 4.0. I tried to use a javascript function but was confused since the cookie name is dynamic.

Could I possibly delete the cookies on the Tab close(x) button.

1 solution

This should wipe out all cookies from your domain on closing.

JavaScript
window.onbeforeunload = function(){

    var cookies = document.cookie.split(";");

    for (var i = 0; i < cookies.length; i++) {
    	var cookie = cookies[i];
    	var eqPos = cookie.indexOf("=");
    	var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
    	document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
    }
}


Source: http://stackoverflow.com/questions/179355/clearing-all-cookies-with-javascript[^]

EDIT: Just wrap that in a
HTML
<script type="text/javascript"></script>
tag anywhere on the page.
 
Share this answer
 
Posted
Updated 3-Sep-14 8:22am
v2
Comments
MikeRox89 3-Sep-14 15:11pm    
A query. I went through the source link but could not understand the meaning of the line
"you should do name = "" instead, to erase the nameless value."

Shall the line be like this?

document.cookie = "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
Nathan Minier 3-Sep-14 15:28pm    
No, that's handled by the code at:

var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;

I would suggest just using the code as is.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Deleting cookies by expiration not working
Expire Cookie when browser is close with expiration policy
How to maintain cookie value expires
How to delete a cookie of a client?
Delete Cookie when closing the browser
Delete Cookies in asp.net
FedAuth Cookie not created in Sharepoint 2010 when we access the site in mobile.
session expired on browser close.
query timeout expired
Cookie Expiration Update

Advertise
Privacy
Cookies
Terms of Use
Last Updated 3 Sep 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900