#1353 use a compliant Expires header value for expiration.
This commit is contained in:
parent
02cd997e32
commit
bd07f8b683
|
|
@ -20,7 +20,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
IAuthenticationSignOutHandler
|
IAuthenticationSignOutHandler
|
||||||
{
|
{
|
||||||
private const string HeaderValueNoCache = "no-cache";
|
private const string HeaderValueNoCache = "no-cache";
|
||||||
private const string HeaderValueMinusOne = "-1";
|
private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
|
||||||
private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
|
private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
|
||||||
|
|
||||||
private bool _shouldRefresh;
|
private bool _shouldRefresh;
|
||||||
|
|
@ -359,7 +359,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
|
Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
|
||||||
Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
|
Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
|
||||||
Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne;
|
Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
|
||||||
|
|
||||||
if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
|
if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
private const string NonceProperty = "N";
|
private const string NonceProperty = "N";
|
||||||
private const string UriSchemeDelimiter = "://";
|
private const string UriSchemeDelimiter = "://";
|
||||||
|
|
||||||
|
private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
|
||||||
private const string InputTagFormat = @"<input type=""hidden"" name=""{0}"" value=""{1}"" />";
|
private const string InputTagFormat = @"<input type=""hidden"" name=""{0}"" value=""{1}"" />";
|
||||||
private const string HtmlFormFormat = @"<!doctype html>
|
private const string HtmlFormFormat = @"<!doctype html>
|
||||||
<html>
|
<html>
|
||||||
|
|
@ -261,7 +262,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
// Emit Cache-Control=no-cache to prevent client caching.
|
// Emit Cache-Control=no-cache to prevent client caching.
|
||||||
Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
||||||
Response.Headers[HeaderNames.Pragma] = "no-cache";
|
Response.Headers[HeaderNames.Pragma] = "no-cache";
|
||||||
Response.Headers[HeaderNames.Expires] = "-1";
|
Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
|
||||||
|
|
||||||
await Response.Body.WriteAsync(buffer, 0, buffer.Length);
|
await Response.Body.WriteAsync(buffer, 0, buffer.Length);
|
||||||
}
|
}
|
||||||
|
|
@ -442,7 +443,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
|
||||||
// Emit Cache-Control=no-cache to prevent client caching.
|
// Emit Cache-Control=no-cache to prevent client caching.
|
||||||
Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
||||||
Response.Headers[HeaderNames.Pragma] = "no-cache";
|
Response.Headers[HeaderNames.Pragma] = "no-cache";
|
||||||
Response.Headers[HeaderNames.Expires] = "-1";
|
Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
|
||||||
|
|
||||||
await Response.Body.WriteAsync(buffer, 0, buffer.Length);
|
await Response.Body.WriteAsync(buffer, 0, buffer.Length);
|
||||||
return;
|
return;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue