9

I'm trying to remove specific Set-Cookie header from HttpResponseHeaders in OnActionExecuted method of ActionFilter.

I'm having few issues with that:

  1. I cannot see the way of enumerate headers. The collection is always empty, even if I see headers in debugger.
  2. Because I cannot enumerate, I cannot remove specific header. I can only remove all headers with the same key, but Set-Cookie can have multiple entries.

Currently I'm removing all cookies, but this is not what I want.

public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { HttpResponseHeaders headers = actionExecutedContext.Response.Headers; IEnumerable<string> values; if (headers.TryGetValues("Set-Cookie", out values)) { actionExecutedContext.Response.Headers.Remove("Set-Cookie"); } base.OnActionExecuted(actionExecutedContext); }
Improve this question
2
  • have you get solution of this issue? Commented May 20, 2019 at 12:36
  • @KalpeshBoghara only by workaround. Add context item in filter for specific action OnActionExecuting HttpContext.Current.Items.Add("RemoveAuthCookieKey", true);. And then in Global.asax in Application_EndRequest if key exists this.Response.Cookies.Remove(FormsAuthentication.FormsCookieName); Commented May 30, 2019 at 11:34

1 Answer 1

Reset to default
5

From the link:

You cannot directly delete a cookie on a user's computer. However, you can direct the user's browser to delete the cookie by setting the cookie's expiration date to a past date. The next time a user makes a request to a page within the domain or path that set the cookie, the browser will determine that the cookie has expired and remove it.

So, how to remove/delete cookie in ASP.NET Web Api at action filter level, just try to set expiration date of cookie to a past date:

public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { var response = actionExecutedContext.Response; var request = actionExecutedContext.Request; var currentCookie = request.Headers.GetCookies("yourCookieName").FirstOrDefault(); if (currentCookie != null) { var cookie = new CookieHeaderValue("yourCookieName", "") { Expires = DateTimeOffset.Now.AddDays(-1), Domain = currentCookie.Domain, Path = currentCookie.Path }; response.Headers.AddCookies(new[] { cookie }); } base.OnActionExecuted(actionExecutedContext); }
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I don't want to delete cookie on user computer. I just don't want to send cookie back to user in Web-Api, to prevent sliding expiration on some web-api actions. So I want to remove specific Set-Cookie header.
Ok, then I am just curious why you have to do this @Marcin?
I have web app with internal usage of web api. It is used for simplify request, and get responsibility about returned format to javascript, etc. Because I'm using forms authentication, the cookie is sent after some time, to extend expiration time. There is few actions in my app, which are called in background, automatically. So I want to prevent them to extend expiration of Auth cookie.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.