Reputation: 13
I'm using the following code to log out:
FormsAuthentication.SignOut();
Session.Abandon();
FormsAuthentication.RedirectToLoginPage();
The above code works fine when I access my application from my PC, but if I hit my application from another PC connected to the same network, the cookie is not deleted and the application is not logged out.
Upvotes: 0
Views: 291
Reputation: 2049
Users can still browse your website because cookies are not cleared when you call FormsAuthentication.SignOut() and they are authenticated on every new request. The MS documentation says that the cookie will be cleared, but it isn't. A bug? It's exactly the same with 'Session.Abandon()': the cookie is still there.
You should change your code to this:
FormsAuthentication.SignOut();
Session.Abandon();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
// clear session cookie (not necessary for your current problem, but I would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
FormsAuthentication.RedirectToLoginPage();
Upvotes: 0
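Added example, not part of either post above: a logout helper for classic ASP.NET (System.Web) that expires both cookies using the name, path and domain taken from configuration, since a browser only overwrites a cookie when those attributes match the one it stored. The class and method names (`LogoutHelper`, `SignOutAndExpireCookies`, `ExpireCookie`) are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.Security;

// Hypothetical helper: the names here are assumptions, not from the posts.
public static class LogoutHelper
{
    public static void SignOutAndExpireCookies(HttpContext context)
    {
        FormsAuthentication.SignOut();
        if (context.Session != null) context.Session.Abandon();

        // Reuse the configured path/domain so the expired cookie matches the
        // one the browser holds; a mismatch leaves the old cookie in place.
        ExpireCookie(context.Response, FormsAuthentication.FormsCookieName,
            FormsAuthentication.FormsCookiePath, FormsAuthentication.CookieDomain,
            FormsAuthentication.RequireSSL);

        // The session cookie name is configurable (cookieName in
        // <sessionState>), so read it instead of hard-coding the default.
        var section = (SessionStateSection)
            WebConfigurationManager.GetSection("system.web/sessionState");
        ExpireCookie(context.Response, section.CookieName, "/", null,
            context.Request.IsSecureConnection);

        FormsAuthentication.RedirectToLoginPage();
    }

    private static void ExpireCookie(HttpResponse response, string name,
        string path, string domain, bool secure)
    {
        var cookie = new HttpCookie(name, string.Empty)
        {
            Path = path,
            HttpOnly = true,
            Secure = secure,
            Expires = DateTime.UtcNow.AddYears(-1)
        };
        if (!string.IsNullOrEmpty(domain)) cookie.Domain = domain;

        // Drop any cookie of the same name already queued on this response
        // so only one Set-Cookie header is sent for it.
        response.Cookies.Remove(name);
        response.Cookies.Add(cookie);
    }
}
```

Expiring the cookie only affects the browser that receives the response: the forms-authentication ticket is not revoked on the server and stays valid until its own expiry, so keep the ticket timeout short.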