Remove cookies

simpleidserver · Nov 7, 2024 · 5763174 · 5763174
1 parent 5d97d03
commit 5763174
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmMiddleware.cs b/src/IdServer/SimpleIdServer.IdServer.Website/Infrastructures/RealmMiddleware.cs
@@ -1,5 +1,6 @@
 // Copyright (c) SimpleIdServer. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -73,6 +74,7 @@ public async Task InvokeAsync(HttpContext context)
         var existingRealms = await GetRealms(currentRealm);
         if(!existingRealms.Any(r => r.Name == currentRealm))
         {
+            EnsureCookiesAreRemoved(context, currentRealm);
             ReturnNotFound(context);
             return;
         }
@@ -81,6 +83,16 @@ public async Task InvokeAsync(HttpContext context)
         await _next.Invoke(context);
     }
 
+    private void EnsureCookiesAreRemoved(HttpContext context, string currentRealm)
+    {
+        var cookieName = $"{CookieAuthenticationDefaults.CookiePrefix + Uri.EscapeDataString("AdminWebsite")}.{currentRealm}";
+        var filteredCookieNames = context.Request.Cookies.Where(c => c.Key.StartsWith(cookieName)).Select(c => c.Key);
+        foreach (var cookie in filteredCookieNames)
+        {
+            context.Response.Cookies.Delete(cookie);
+        }
+    }
+
     private void ReturnNotFound(HttpContext context)
     {
         context.Response.StatusCode = (int)HttpStatusCode.NotFound;