diff --git a/src/Umbraco.Core/Configuration/UmbracoSettings.cs b/src/Umbraco.Core/Configuration/UmbracoSettings.cs
index 6b53540238..a6f81b593c 100644
--- a/src/Umbraco.Core/Configuration/UmbracoSettings.cs
+++ b/src/Umbraco.Core/Configuration/UmbracoSettings.cs
@@ -309,7 +309,7 @@ namespace Umbraco.Core.Configuration
{
return value;
}
- return "UMB_UCONTEXT";
+ return Constants.Web.AuthCookieName;
}
}
diff --git a/src/Umbraco.Core/Constants-Web.cs b/src/Umbraco.Core/Constants-Web.cs
new file mode 100644
index 0000000000..83cb995eeb
--- /dev/null
+++ b/src/Umbraco.Core/Constants-Web.cs
@@ -0,0 +1,22 @@
+namespace Umbraco.Core
+{
+ public static partial class Constants
+ {
+ ///
+ /// Defines the identifiers for Umbraco system nodes.
+ ///
+ public static class Web
+ {
+ ///
+ /// The preview cookie name
+ ///
+ public const string PreviewCookieName = "UMB_PREVIEW";
+
+ ///
+ /// The auth cookie name
+ ///
+ public const string AuthCookieName = "UMB_UCONTEXT";
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Security/AuthenticationExtensions.cs b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
index 87d09aecf5..306a385f61 100644
--- a/src/Umbraco.Core/Security/AuthenticationExtensions.cs
+++ b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
@@ -99,21 +99,27 @@ namespace Umbraco.Core.Security
///
private static void Logout(this HttpContextBase http, string cookieName)
{
- //remove from the request
- http.Request.Cookies.Remove(cookieName);
+ //clear the preview cookie too
+ var cookies = new[] { cookieName, Constants.Web.PreviewCookieName };
+ foreach (var c in cookies)
+ {
+ //remove from the request
+ http.Request.Cookies.Remove(c);
+
+ //expire from the response
+ var formsCookie = http.Response.Cookies[c];
+ if (formsCookie != null)
+ {
+ //this will expire immediately and be removed from the browser
+ formsCookie.Expires = DateTime.Now.AddYears(-1);
+ }
+ else
+ {
+ //ensure there's def an expired cookie
+ http.Response.Cookies.Add(new HttpCookie(c) { Expires = DateTime.Now.AddYears(-1) });
+ }
+ }
- //expire from the response
- var formsCookie = http.Response.Cookies[cookieName];
- if (formsCookie != null)
- {
- //this will expire immediately and be removed from the browser
- formsCookie.Expires = DateTime.Now.AddYears(-1);
- }
- else
- {
- //ensure there's def an expired cookie
- http.Response.Cookies.Add(new HttpCookie(cookieName) { Expires = DateTime.Now.AddYears(-1) });
- }
}
///
diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj
index 90bf089d0f..09ab59e054 100644
--- a/src/Umbraco.Core/Umbraco.Core.csproj
+++ b/src/Umbraco.Core/Umbraco.Core.csproj
@@ -837,6 +837,9 @@
Constants.cs
+
+ Constants.cs
+
diff --git a/src/Umbraco.Tests/TestHelpers/FakeHttpContextFactory.cs b/src/Umbraco.Tests/TestHelpers/FakeHttpContextFactory.cs
index abb477d3c6..c7e7764512 100644
--- a/src/Umbraco.Tests/TestHelpers/FakeHttpContextFactory.cs
+++ b/src/Umbraco.Tests/TestHelpers/FakeHttpContextFactory.cs
@@ -7,6 +7,7 @@ using System.Text;
using System.Web;
using System.Web.Routing;
using Moq;
+using Umbraco.Core;
namespace Umbraco.Tests.TestHelpers
{
@@ -59,7 +60,7 @@ namespace Umbraco.Tests.TestHelpers
//Cookie collection
var cookieCollection = new HttpCookieCollection();
- cookieCollection.Add(new HttpCookie("UMB_UCONTEXT", "FBA996E7-D6BE-489B-B199-2B0F3D2DD826"));
+ cookieCollection.Add(new HttpCookie(Constants.Web.AuthCookieName, "FBA996E7-D6BE-489B-B199-2B0F3D2DD826"));
//Request
var requestMock = new Mock();
diff --git a/src/umbraco.businesslogic/StateHelper.cs b/src/umbraco.businesslogic/StateHelper.cs
index 387efd2ca3..d14031d7c1 100644
--- a/src/umbraco.businesslogic/StateHelper.cs
+++ b/src/umbraco.businesslogic/StateHelper.cs
@@ -2,6 +2,7 @@ using System;
using System.Reflection;
using System.Web;
using System.Web.UI;
+using Umbraco.Core;
namespace umbraco.BusinessLogic
{
@@ -347,8 +348,8 @@ namespace umbraco.BusinessLogic
* we currently reproduce this by configuring each cookie with a 30d expires, but does
* that actually make sense? shouldn't some cookie have _no_ expires?
*/
- static readonly Cookie _preview = new Cookie("UMB_PREVIEW", 30d); // was "PreviewSet"
- static readonly Cookie _userContext = new Cookie("UMB_UCONTEXT", 30d); // was "UserContext"
+ static readonly Cookie _preview = new Cookie(Constants.Web.PreviewCookieName, TimeSpan.Zero); // was "PreviewSet"
+ static readonly Cookie _userContext = new Cookie(Constants.Web.AuthCookieName, 30d); // was "UserContext"
static readonly Cookie _member = new Cookie("UMB_MEMBER", 30d); // was "umbracoMember"
public static Cookie Preview { get { return _preview; } }
@@ -429,7 +430,7 @@ namespace umbraco.BusinessLogic
}
public void SetValue(string value)
{
- SetValueWithDate(value, DateTime.Now + _expires);
+ SetValueWithDate(value, _expires == TimeSpan.Zero ? DateTime.MinValue : DateTime.Now + _expires);
}
public void SetValue(string value, double days)
@@ -439,7 +440,7 @@ namespace umbraco.BusinessLogic
public void SetValue(string value, TimeSpan expires)
{
- SetValue(value, DateTime.Now + expires);
+ SetValue(value, expires == TimeSpan.Zero ? DateTime.MinValue : DateTime.Now + expires);
}
public void SetValue(string value, DateTime expires)
@@ -449,7 +450,7 @@ namespace umbraco.BusinessLogic
private void SetValueWithDate(string value, DateTime expires)
{
- HttpCookie cookie = new HttpCookie(_key, value);
+ var cookie = new HttpCookie(_key, value);
if (GlobalSettings.UseSSL)
cookie.Secure = true;
@@ -457,7 +458,12 @@ namespace umbraco.BusinessLogic
//ensure http only, this should only be able to be accessed via the server
cookie.HttpOnly = true;
- cookie.Expires = expires;
+ //set an expiry date if not min value, otherwise leave it as a session cookie.
+ if (expires != DateTime.MinValue)
+ {
+ cookie.Expires = expires;
+ }
+
ResponseCookie = cookie;
// original Umbraco code also does this
@@ -471,7 +477,7 @@ namespace umbraco.BusinessLogic
{
if (RequestCookie != null || ResponseCookie != null)
{
- HttpCookie cookie = new HttpCookie(_key);
+ var cookie = new HttpCookie(_key);
cookie.Expires = DateTime.Now.AddDays(-1);
ResponseCookie = cookie;
}