diff --git a/src/Umbraco.Core/Constants-Web.cs b/src/Umbraco.Core/Constants-Web.cs
new file mode 100644
index 0000000000..83cb995eeb
--- /dev/null
+++ b/src/Umbraco.Core/Constants-Web.cs
@@ -0,0 +1,22 @@
+namespace Umbraco.Core
+{
+ public static partial class Constants
+ {
+ ///
+ /// Defines the identifiers for Umbraco system nodes.
+ ///
+ public static class Web
+ {
+ ///
+ /// The preview cookie name
+ ///
+ public const string PreviewCookieName = "UMB_PREVIEW";
+
+ ///
+ /// The auth cookie name
+ ///
+ public const string AuthCookieName = "UMB_UCONTEXT";
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Security/AuthenticationExtensions.cs b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
index b642796932..6ba1df8b6c 100644
--- a/src/Umbraco.Core/Security/AuthenticationExtensions.cs
+++ b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
@@ -259,21 +259,27 @@ namespace Umbraco.Core.Security
private static void Logout(this HttpContextBase http, string cookieName)
{
if (http == null) throw new ArgumentNullException("http");
- //remove from the request
- http.Request.Cookies.Remove(cookieName);
+ //clear the preview cookie too
+ var cookies = new[] { cookieName, Constants.Web.PreviewCookieName };
+ foreach (var c in cookies)
+ {
+ //remove from the request
+ http.Request.Cookies.Remove(c);
+
+ //expire from the response
+ var formsCookie = http.Response.Cookies[c];
+ if (formsCookie != null)
+ {
+ //this will expire immediately and be removed from the browser
+ formsCookie.Expires = DateTime.Now.AddYears(-1);
+ }
+ else
+ {
+ //ensure there's def an expired cookie
+ http.Response.Cookies.Add(new HttpCookie(c) { Expires = DateTime.Now.AddYears(-1) });
+ }
+ }
- //expire from the response
- var formsCookie = http.Response.Cookies[cookieName];
- if (formsCookie != null)
- {
- //this will expire immediately and be removed from the browser
- formsCookie.Expires = DateTime.Now.AddYears(-1);
- }
- else
- {
- //ensure there's def an expired cookie
- http.Response.Cookies.Add(new HttpCookie(cookieName) { Expires = DateTime.Now.AddYears(-1) });
- }
}
private static FormsAuthenticationTicket GetAuthTicket(this HttpContextBase http, string cookieName)
diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj
index 07d5d8f681..471eb1e28a 100644
--- a/src/Umbraco.Core/Umbraco.Core.csproj
+++ b/src/Umbraco.Core/Umbraco.Core.csproj
@@ -1061,6 +1061,9 @@
Constants.cs
+
+ Constants.cs
+
diff --git a/src/umbraco.businesslogic/StateHelper.cs b/src/umbraco.businesslogic/StateHelper.cs
index 10e81dd614..e84d3aa129 100644
--- a/src/umbraco.businesslogic/StateHelper.cs
+++ b/src/umbraco.businesslogic/StateHelper.cs
@@ -349,7 +349,7 @@ namespace umbraco.BusinessLogic
* we currently reproduce this by configuring each cookie with a 30d expires, but does
* that actually make sense? shouldn't some cookie have _no_ expires?
*/
- static readonly Cookie _preview = new Cookie(Constants.Web.PreviewCookieName, 30d); // was "PreviewSet"
+ static readonly Cookie _preview = new Cookie(Constants.Web.PreviewCookieName, TimeSpan.Zero); // was "PreviewSet"
static readonly Cookie _userContext = new Cookie(Constants.Web.AuthCookieName, 30d); // was "UserContext"
static readonly Cookie _member = new Cookie("UMB_MEMBER", 30d); // was "umbracoMember"
@@ -431,7 +431,7 @@ namespace umbraco.BusinessLogic
}
public void SetValue(string value)
{
- SetValueWithDate(value, DateTime.Now + _expires);
+ SetValueWithDate(value, _expires == TimeSpan.Zero ? DateTime.MinValue : DateTime.Now + _expires);
}
public void SetValue(string value, double days)
@@ -441,7 +441,7 @@ namespace umbraco.BusinessLogic
public void SetValue(string value, TimeSpan expires)
{
- SetValue(value, DateTime.Now + expires);
+ SetValue(value, expires == TimeSpan.Zero ? DateTime.MinValue : DateTime.Now + expires);
}
public void SetValue(string value, DateTime expires)
@@ -451,7 +451,7 @@ namespace umbraco.BusinessLogic
private void SetValueWithDate(string value, DateTime expires)
{
- HttpCookie cookie = new HttpCookie(_key, value);
+ var cookie = new HttpCookie(_key, value);
if (GlobalSettings.UseSSL)
cookie.Secure = true;
@@ -459,7 +459,12 @@ namespace umbraco.BusinessLogic
//ensure http only, this should only be able to be accessed via the server
cookie.HttpOnly = true;
- cookie.Expires = expires;
+ //set an expiry date if not min value, otherwise leave it as a session cookie.
+ if (expires != DateTime.MinValue)
+ {
+ cookie.Expires = expires;
+ }
+
ResponseCookie = cookie;
// original Umbraco code also does this
@@ -473,7 +478,7 @@ namespace umbraco.BusinessLogic
{
if (RequestCookie != null || ResponseCookie != null)
{
- HttpCookie cookie = new HttpCookie(_key);
+ var cookie = new HttpCookie(_key);
cookie.Expires = DateTime.Now.AddDays(-1);
ResponseCookie = cookie;
}