ASP.NET 5 Force all users to logout (using cookie auth)

I’m using ASP.NET MVC 5 with cookie-based authentication. I want to make a change in user roles and enforce it right away, but roles don’t change until a user logs out and back in.

How can I force all users to logout or to renew their identity cookie?

Add Comment
1 Answer(s)

Turns out this is pretty easy. You can change the cookie name (default is ASP.NET_SessionId, source).

This causes the website to look for a different session cookie name, making the old cookies invalid.

public void ConfigureAuth(IAppBuilder app) {      app.UseCookieAuthentication(new CookieAuthenticationOptions     {         AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,         LoginPath = new PathString("/Account/Login"),         ExpireTimeSpan = TimeSpan.FromDays(7),         CookieName = "[NewNameHere]",     }); } 
Answered on August 30, 2020.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.