CODEWITHSUNDEEP
asp.net-mvc
pankaj
pankaj

Reputation: 21

Logout from MVC

I have a MVC application and I have to logout. To logout from the application I have created a link on te master page

[ <a id="A2" name="lnkLogout" href="http://localhost:1234/Home/LogOut" >Logout</a> ]

and created the LoutOut action in the controller page 

 public ActionResult LogOut()
        {
            Session.Clear();
            Session.Abandon();
            Redirect("http://AnotherApplicaton/Home/LogOut");
        }

Now when I click on the LogOut link its redirect to the LogOut action and in the LogOut action its delete all the session, but when I click on the back button of the browser its get back to the previous page and sessions are still alive. Does anyone have the solution of this problem.

Upvotes: 1

Views: 34866

Answers (4)

nWorx
nWorx

Reputation: 2155

if you're using forms authentication then this is what you are looking for...

public ActionResult LogOut()
        {
            Session.Clear();
            FormsAuthentication.SignOut();
            Redirect("http://AnotherApplicaton/Home/LogOut");
        }

hth

Upvotes: 16

pankaj
pankaj

Reputation: 21

Hi got the solution. Actually I have used toke to login into my module and the token timeout was 5 second. If I Logged out and click on the back button of the browser before the 5 second then the Session_Start() event of glowal.ascx.cs is called again and read the token again and the create the session again. And if I click on the back button after the 5 second then session does not create. To solve this problem I does not allow the user to go to back through the browser. For this I have used the following code

<script type="text/javascript">
history.go(1);
</script>

Upvotes: 1

Hemanshu Bhojak
Hemanshu Bhojak

Reputation: 17288

The pages you visit in your browser are cached depending upon your caching settings in the browser. You need to prevent caching in ASP.net MVC so that they are not cached by the browser. After you do that try clearing your browsers cache and try loading the page again. Logout and try the back button. You should get a message saying that the page no longer exists or something.

There are many ways of preventing your ASP.net pages from getting cached in the browser. One such way is to do this before the page is rendered.

this.Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
this.Response.Cache.SetCacheability(HttpCacheability.NoCache)
this.Response.Cache.SetNoStore()

Upvotes: 6

Graviton
Graviton

Reputation: 83254

The sessions are not alived; they are just cached.

You can try to force refresh your page (ctrl+f5) and check this.

Upvotes: 2

Related Questions