400 Bad Request


The client is using an invalid or expired local cookie. Again, this could be malicious or accidental, but it's possible that a local cookie in the web browser is identifying you via a session cookie. If this particular session token matches the session token from another request from a different client, the server/application may see this as a malicious act and produce a 400 Bad Request error code.

Clear Relevant Cookies

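           // Needs Microsoft.AspNetCore.Http, Microsoft.AspNetCore.Authentication and
           // Microsoft.AspNetCore.Authentication.Cookies; runs inside an async controller action.
           // Expire each application cookie if the client sent it, then delete it.
           if (Request.Cookies["CompanyId"] != null)
           {
               Response.Cookies.Append("CompanyId", "", new CookieOptions() { Expires = DateTime.Now.AddMonths(-1) });
           }
           Response.Cookies.Delete("CompanyId");
           if (Request.Cookies["IsNursePractice"] != null)
           {
               Response.Cookies.Append("IsNursePractice", "", new CookieOptions() { Expires = DateTime.Now.AddMonths(-1) });
           }
           Response.Cookies.Delete("IsNursePractice");
           // SignOutAsync returns a Task; await it so the authentication cookie is
           // cleared before the response is sent.
           await HttpContext.SignOutAsync(scheme: CookieAuthenticationDefaults.AuthenticationScheme);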

Issue

Deleting the antiforgery token cookie can cause a 400 error as well, so skip it when clearing cookies:

           foreach (var cookie in Request.Cookies.Keys)
           {
               // Keep the antiforgery cookie; delete everything else.
               if (!cookie.Contains(".AspNetCore.Antiforgery."))
               {
                   Response.Cookies.Delete(cookie);
               }
           }
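
The two snippets above combined into one sign-out action, as an added example that is not part of the original wiki page. The controller name, action name and redirect target are hypothetical, and it assumes the application's cookies were set with the default path "/" and no domain.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Hypothetical controller; class, action and redirect target are assumptions.
public class SessionController : Controller
{
    private readonly string _antiforgeryCookieName;

    public SessionController(IOptions<AntiforgeryOptions> antiforgeryOptions)
    {
        // Cookie.Name is the name the app configured; the default-prefix check
        // in the loop below covers the case where it is unset.
        _antiforgeryCookieName = antiforgeryOptions.Value.Cookie.Name ?? string.Empty;
    }

    [HttpPost]
    [ValidateAntiForgeryToken] // answers 400 when the antiforgery cookie or token is missing
    public async Task<IActionResult> SignOutAndClear()
    {
        // Let the authentication handler remove its own cookie.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

        foreach (var name in Request.Cookies.Keys)
        {
            bool isAntiforgery =
                string.Equals(name, _antiforgeryCookieName, StringComparison.Ordinal) ||
                name.StartsWith(".AspNetCore.Antiforgery.", StringComparison.Ordinal);

            if (!isAntiforgery)
            {
                // The browser drops a cookie only when Path and Domain match how
                // it was set; Delete(name) uses Path "/" and no Domain.
                Response.Cookies.Delete(name);
            }
        }

        return RedirectToAction("Index", "Home"); // assumed landing page
    }
}
```

Cookies that were issued with a custom path or domain need `Response.Cookies.Delete(name, options)` with matching `CookieOptions`, otherwise the browser keeps them.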