问题
Why does this example call the SignOut for ExternalCookie before signing in with an ApplicationCookie? Is it just a way to make sure the authentication information is clean? (The full example is here: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity)
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(
user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(
new AuthenticationProperties() {
IsPersistent = isPersistent
}, identity);
}
回答1:
Its basically cleanup, the external cookie should get cleared eventually, its only needed to store the claims returned from google/fb/twitter etc such that app can pull whatever data it needs before signing the user. So SignIn is a good safe place to clear that external data.
来源:https://stackoverflow.com/questions/20569396/why-call-signoutdefaultauthenticationtypes-externalcookie-before-use-of-applic