Home/ Questions/Q 794823
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T22:22:36+00:00

In LiveId Web Auth scenario, when client application receive clearcookie request, it is responsible

  • 0

In LiveId Web Auth scenario, when client application receive “clearcookie” request, it is responsible for clearing the authorization cookies and should confirm success by returning any GIF image through http. Using reference implementation of liveid web auth in asp.net-mvc looks like:

 if (Request["action"]=="clearcookie")
 {
      string contentType;
      byte[] content;
      wll.GetClearCookieResponse(out contentType, out content);
      return this.File(content, contentType);
 }

Where wll.GetClearCookieResponse is implemented as:

    public void GetClearCookieResponse(out string type, out byte[] content)
    {
        const string gif = 
          "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7";
        type = "image/gif";
        content = Convert.FromBase64String(gif);
    }

So the GetClearCookieResponse method creates byte[] array containg tiny hardcoded GIF.

Is there any particular reason why responding with GIF is required? Why not just plain text (“OK”) or JSON?

Are there any other (than LiveId) protocols using returning GIF as a response? I’m asking because I want to know if there is any reason to adopt this solution in projects requiring similar scenarios of communication.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When a user signs out of Windows Live or a Windows Live pplication, a best-effort attempt is made to sign the user out from all other Windows Live applications the user might be signed in to. This is done by calling the handler page for each application with ‘action’ parameter set to ‘clearcookie’ in the query tring. The application handler is then responsible for clearing any cookies or data associated with the login. After successfully signing the user out, the handler should return a GIF (any GIF) as response to the action=clearcookie query.

    This function returns an appropriate content type and body response that the application handler can return to signify a successful sign-out from the application.

    Your code should only return the image (.gif) as specified, and nothing else. An extra byte will trigger an error (malformed image).

    I suppose it could be any type of expected response and suspect they chose a GIF because it would cause a browser to promptly hang up the connection when received.

    • 0