Так автор функции выше в своем следующем сообщении пишет
Цитата:Never mind, I came up with a good solution:
*
When the user successfully logs in, we create an additional session cookie that doesn't expire until the browser is closed.
*
If the user comes back to the login page later and the request is unauthenticated, we check for the existence of the session cookie - if it exists, we know that the user has previously had a session, so we explicitly log them out, exactly as we do for the user-initiated logout. If the session cookie doesn't exist then we attempt to automatically log the user in using their certificate.
*
The custom session cookie is deleted for each explicit log out, and re-populated for each successful login.
This gives us the best experience for the user, and guarantees that a certificate will be cached only as long as a session is still valid (15 minutes, sliding). Also, the session cookie cannot be removed by the user so there is no way to bypass this behaviour. They can't use the site without accepting session cookies either.
А эта команда работает только в ИЕ, где собственно и нужно чистить что либо.
Остальные браузеры должны сами прекрасно справляться.
|