user140390
Reputation:
Asp.Net Mvc Can Not Log Out
Here is My Code To Log In
var expire = DateTime.Now.AddDays(7);
// Create a new ticket used for authentication
var ticket = new FormsAuthenticationTicket(
1, // Ticket version
username, // Username to be associated with this ticket
DateTime.Now, // Date/time issued
expire, // Date/time to expire
true, // "true" for a persistent user cookie (could be a checkbox on form)
roles, // User-data (the roles from this user record in our database)
FormsAuthentication.FormsCookiePath); // Path cookie is valid for
// Hash the cookie for transport over the wire
var hash = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash) { Expires = expire };
// Add the cookie to the list for outbound response
Response.Cookies.Add(cookie);
Here Is My Code To Check The Roles. It is a custom IHTTP Module
if (HttpContext.Current.User == null) return;
if (!HttpContext.Current.User.Identity.IsAuthenticated) return;
if (!(HttpContext.Current.User.Identity is FormsIdentity)) return;
// Get Forms Identity From Current User
var id = (FormsIdentity)HttpContext.Current.User.Identity;
// Get Forms Ticket From Identity object
var ticket = id.Ticket;
// Retrieve stored user-data (our roles from db)
var userData = ticket.UserData;
var roles = userData.Split(',');
// Create a new Generic Principal Instance and assign to Current User
Thread.CurrentPrincipal = HttpContext.Current.User = new GenericPrincipal(id, roles);
Here is my Code To Log Out
FormsAuthentication.SignOut();
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Session.Clear();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");
return View("SignIn");
This is crazy. I have two bald spots now.
Upvotes: 5
Views: 9035
Answers (3)
AthibaN
Reputation: 2087
If you want to apply the "no cache on browser back" behavior on all pages then you should put it in global.asax.
protected void Application_BeginRequest()
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
}
hope it helps someone !
Upvotes: 0
Evgeny Shmanev
Reputation: 1
You can not directly delete a cookie on a client's computer. When you calls the Cookies.Remove method the cookie is deleted on a server side. To delete the cookie on a client's side it's necessary to set the cookie's expiration date to a past date.
HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
cookie.Expires = DateTime.Now.AddDays(-1);
HttpContext.Current.Response.Cookies.Add(cookie);
}
I hope this helps you.
Upvotes: 0
Jared
Reputation: 8610
1) shouldn't your call to Response.Cookies.Remove(FormsAuthentication.FormsCookieName); be Response.Cookies.Remove(whatever-the-user-name-is);?
2) try sending an expired cookie back to the browser.
FormsAuthentication.SignOut();
// replace with username if this is the wrong cookie name
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Session.Clear();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");
// send an expired cookie back to the browser
var ticketExpiration = DateTime.Now.AddDays(-7);
var ticket = new FormsAuthenticationTicket(
1,
// replace with username if this is the wrong cookie name
FormsAuthentication.FormsCookieName,
DateTime.Now,
ticketExpiration,
false,
String.Empty);
var cookie = new System.Web.HttpCookie("user")
{
Expires = ticketExpiration,
Value = FormsAuthentication.Encrypt(ticket),
HttpOnly = true
};
Response.Cookies.Add(cookie);
return View("SignIn");
Upvotes: 7
Related Questions
- MVC AuthenticationManager.SignOut() is not signing out
- Unable to logout from ASP.NET MVC application using FormsAuthentication.SignOut()
- asp.net MVC 4. Log out functionality not working
- C# MVC After I login, i dont get the option to Logout
- Session Manager will not log me out when session expires, HTTPContext.Current is Null
- Logging out of Webforms Authentication dos not remove the authentication on the server
- ASP.Net MVC app logout not completely logging out
- ASP.NET MVC Logout with Form Authentication
- ASP.NET MVC truly log off with Forms Authentication
- ASP.NET MVC FormsAuthentication.SignOut doesn't work