Jignesh Thakker

Reputation: 3698

ASP.NET MVC Logout with Form Authentication

I have a Logout action on a controller as so:

    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        Session["UserCredential"] = null;
        return RedirectToAction("Index", "Home");
    }

This works in the Google Chrome browser. But when I use my web application with the Firefox browser (latest version), after logging in and logging out the first time, when I log in to the application again and press the logout button, I am not able to log out of the web application. Request.IsAuthenticated returns true.

For login I used the following action:

    [HttpPost]
    public JsonResult Login(string userName, string password)
    {
        User oUser = oRepository.GetUser(userName, password);
        Session["UserCredential"] = oUser;

        if (oUser != null)
        {
            if (oUser.IsVerified)
            {
                string url = Request.Url.AbsolutePath;
                FormsAuthentication.SetAuthCookie(userName, false);
                return Json(new { res = 1, RedirectUrl = Url.Action("Index", "Home") }, JsonRequestBehavior.AllowGet);
            }
            else
            {
                return Json(new { res = 0, RedirectUrl = "" }, JsonRequestBehavior.AllowGet);
            }
        }

        return Json(new { res = -1, RedirectUrl = "" }, JsonRequestBehavior.AllowGet);
    }

Does anyone have an idea what I have to do to solve my problem with the Firefox browser?

Upvotes: 0

Views: 4819

Answers (1)

Water Cooler v2

Reputation: 33880

I am not 100% certain but you could try this.

I've observed that the way FormsAuthentication is implemented in ASP.NET, the SignOut method does not clear the ASPXAUTH cookie. So, on sign-out, what I usually do is, I clear all the cookies in the response myself manually.

You might try doing that. At the very least, in your case, you should clear 2 cookies:

1) The FormsAuth cookie. You can get the name of the cookie by accessing a CookieName (or some such) static field of the FormsAuthentication class.

2) The ASP.NET session cookie. Check the cookie names in the Immediate Window (print the Cookies collection).

To clear the cookies, just add new cookies to the response object's cookie collection with the same names as the older cookies and then set their expiry date to a date in the past.

Upvotes: 2
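
The cookie clearing described in the answer above, written out as a complete Logout action. This is an added example, not code from the question or the answer. The controller name, the `ExpireCookie` helper and the POST-only/anti-forgery attributes are assumptions; the attributes require the logout button to post a form that carries an anti-forgery token.

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller   // hypothetical controller name
{
    // Assumption: logout is a POST protected by an anti-forgery token, so it
    // cannot be triggered by a cross-site GET or answered from a cached page.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        Session.Clear();      // drop server-side data such as Session["UserCredential"]
        Session.Abandon();    // end the server-side session itself

        // 1) Forms authentication cookie: the replacement must use the same
        //    name, path and domain, or the browser keeps the original.
        ExpireCookie(FormsAuthentication.FormsCookieName,
                     FormsAuthentication.FormsCookiePath,
                     FormsAuthentication.CookieDomain);

        // 2) ASP.NET session cookie: read its configured name from
        //    <sessionState> instead of hard-coding it.
        var sessionState = (SessionStateSection)
            WebConfigurationManager.GetSection("system.web/sessionState");
        ExpireCookie(sessionState.CookieName, "/", null);

        return RedirectToAction("Index", "Home");
    }

    // Hypothetical helper: overwrite a cookie with an empty, already-expired one.
    private void ExpireCookie(string name, string path, string domain)
    {
        var expired = new HttpCookie(name, string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),   // a date in the past
            Path = path,
            HttpOnly = true,
            Secure = Request.IsSecureConnection
        };
        if (!string.IsNullOrEmpty(domain)) expired.Domain = domain;

        // Set() replaces an entry of the same name already queued in the response.
        Response.Cookies.Set(expired);
    }
}
```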
