问题
I'm designing a small ASP.NET MVC site for a club. Generally, I want users to be able to stay logged in, but what happens if a user's membership has lapsed? Is there any way to "de-authorize" them so that next time they try to view a page, it redirects them to a page telling them their membership has lapsed?
回答1:
If the timeout defined for the authentication cookie is hit it will no longer be valid and users will automatically be redirected to the login page. If you want to sign them out automatically under some circumstances you could simply:
FormsAuthentication.SignOut();
回答2:
Why don't you make the expiration of the authentication cookie, the number of days that you want, or their membership expiration date, whichever is sooner, then you get the benefit of getting handled automatically
回答3:
When you get the user's information from the cookie, you could add a check to see if their membership has lapsed and redirect them to that page.
来源:https://stackoverflow.com/questions/5825273/how-do-you-cancel-someones-persistent-cookie-if-their-membership-is-no-longer-v