CODEWITHSUNDEEP
c#asp.netsession-state
Manu
Manu

Reputation: 418

Session not expiring after logout

I am storing username and password in session when user logins. After logout, when I press Back button of browser, it again goes to the home page of the user. I want that the session must expire so that after logout when user presses back button, he get's rediected to the login page.

I have already tried 

Session.RemoveAll();
Session.Abandon();
Session.Remove("StoreUser");

StoreUser is the name of the session that contains username and password.

Upvotes: 1

Views: 2671

Answers (4)

Amitkumar Arora
Amitkumar Arora

Reputation: 149

## IN Global.asax file you have to clear all the session in Session_end event ##
clear all the session in this event.

     protected void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
// Note: The Session_End event is raised only when the sessionstate mode
// is set to InProc in the Web.config file. If session mode is set to StateServer
// or SQLServer, the event is not raised.

}

Upvotes: 0

Vikash Singh
Vikash Singh

Reputation: 814

may following link help you - http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout

your session is getting cleared but the cache of your page is getting stored at client side. You have to handle that.

Upvotes: 0

Ramesh Rajendran
Ramesh Rajendran

Reputation: 38713

Use FormsAuthentication.SignOut when your logout button click event , look below code 

public void LogoutLink_OnClick(object sender, EventArgs args)
{
  FormsAuthentication.SignOut();
  FormsAuthentication.RedirectToLoginPage();
}

and see this previous useful discussion : ASP.NET authentication login and logout with browser back button

Upvotes: 1

JP Hellemons
JP Hellemons

Reputation: 6057

I used FormsAuthentication.SignOut();

and on an other place in my webapplication, I have this on my WebForm when the user is logged in:

<asp:LoginStatus ID="LoginStatus1" LogoutImageUrl="~/Img/Logout.png" 
    BackColor="Transparent" runat="server" onloggingout="LoginStatus1_LoggingOut" />

and this in the code behind:

protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
{
    MembershipUser u = Membership.GetUser(HttpContext.Current.User.Identity.Name);
    u.LastActivityDate = DateTime.Now.AddMinutes(-Membership.UserIsOnlineTimeWindow);
    Membership.UpdateUser(u);
}

Upvotes: 0

Related Questions