Merge pull request #6321 from Mostafa-Moafi/Issue6320

delete authentication cookie when the cookie expires or is invalid
dnnsoftware · Jan 27, 2025 · a2a9447 · a2a9447
2 parents 0117e05 + 9a9c52a
commit a2a9447
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/DNN Platform/DotNetNuke.Web/Common/DotNetNukeHttpApplication.cs b/DNN Platform/DotNetNuke.Web/Common/DotNetNukeHttpApplication.cs
@@ -213,7 +213,7 @@ private void Application_BeginRequest(object sender, EventArgs e)
                 var persisted = AuthCookieController.Instance.Find(authCookie.Value);
                 if (persisted != null && persisted.ExpiresOn <= DateTime.UtcNow)
                 {
-                    app.Request.Cookies.Remove(FormsAuthentication.FormsCookieName);
+                    app.Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);
                 }
             }