cnd
cnd

Reputation: 33784

how to LogOut in ASP membership

protected void Button2_Click(object sender, System.EventArgs e) //logout
{
    if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
    {
        System.Web.HttpContext.Current.Session.Abandon(); // it isn't logout >_<
    }
}

how to logout ? :P

Upvotes: 8

Views: 7815

Answers (2)

Zhaph - Ben Duguid
Zhaph - Ben Duguid

Reputation: 26976

If you're using the standard membership providers and forms authentication:

FormsAuthentication.SignOut();
HttpContext.Current.Session.Abandon();

Usually works a treat.

Be aware that if the user presses back in their browser, they will probably see the cached (logged in) version.

Edit to respond to comment

I was under the impression that FormsAuthentication.Signout:

Removes the forms-authentication ticket from the browser.

And that as the authentication ticket is completely separate from, and unrelated to the session token, if you want to completely clear all knowledge of the user from the server at that point, calling Session.Abandon is a good thing to do. I'm aware that a new session will be created for them on the next page request - I'd be interested to see documentation to the contrary.

Upvotes: 10

this. __curious_geek
this. __curious_geek

Reputation: 43217

FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();

This should log-off the user and take him to Login page.

Upvotes: 1

Related Questions