Levesque Xylia

Reputation: 369

How to permanently logout the user from my asp.net core application?

I am new to ASP.NET Core, so please bear with me.

I am currently developing a login and logout process for my application in .NET Core.

My problems are:

  1. After logging out, the session is neither abandoned nor deleted.
  2. After logging out, if I click the browser's back button, I am taken back to the page where the logout button was clicked.

These are my ideas but I don't know how to do it.

  1. If the user logs out, the session will be deleted and abandoned.
  2. After the user clicks Logout and then clicks the browser's back button, I want to show the Confirm Form Resubmission page and redirect them to Login, where they can log in to their account.

Here is my code:

LoginController.cs


[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Login(LoginModel userLogin)
{
    ILogicInterface<UserInput, SystemResult> dbLogic = new LoginLogic();
    UserInput userInput = new UserInput();
    userInput[typeof(LoginModel).FullName] = userLogin;
    SystemResult systemResult = dbLogic.DoProcess(userInput);
    bool userExist = systemResult.ResultCode
                     == SystemResult.RESULT_CODE_SUCCESS;

    if (userExist)
    {
       LoginInfomation loginInfomation = 
       systemResult[typeof(LoginInfomation).FullName] as LoginInfomation;

       HttpContext.Session.SetString("userInfo"
               , JsonConvert.SerializeObject(loginInfomation));
       Claim[] claims = new[] {
           new Claim(ClaimTypes.Name, loginInfomation.E_mail)
           , new Claim(ClaimTypes.Role
           , AccountInformation.GetRole(loginInfomation.AccountInfo.roleID)) 
       };

       ClaimsIdentity identity = 
        new(claims, CookieAuthenticationDefaults.AuthenticationScheme);

       AuthenticationHttpContextExtensions.SignInAsync(HttpContext
                     , new ClaimsPrincipal(identity));
       return RedirectToAction("Index", "Home");
    }
    else
    {
       ModelState.AddModelError(string.Empty
                   , "The specified email or password is incorrect.");
       return View(userLogin);
    }
}

HomeController.cs

public IActionResult Logout()
{
    AuthenticationHttpContextExtensions.SignOutAsync(HttpContext
           , CookieAuthenticationDefaults.AuthenticationScheme);
    return RedirectToAction("Login", "Login");
}

Startup.cs

services.AddDistributedMemoryCache();

services.AddSession(options =>
{
   options.IdleTimeout = TimeSpan.FromMinutes(10);
   options.Cookie.IsEssential = true;
});

services.ConfigureApplicationCookie(options => {
         options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
         options.LoginPath = new PathString("/Login/Login");
});

Can someone help me achieve the ideas listed above? Thank you and regards,

Upvotes: 3

Views: 11024

Answers (2)

Lara

Reputation: 574

Try adding the customHeaders in web.config:

<system.webServer>
<httpProtocol>
  <customHeaders>
    <add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />
    <add name="Pragma" value="no-cache" />
    <add name="Expires" value="0" />
  </customHeaders>
</httpProtocol>
</system.webServer>

Upvotes: 3

Abi Chhetri

Reputation: 1447

Please try this once:

In Startup.cs

 services.AddSession(options =>
 {
    options.Cookie.Name = "ExampleSession";
    options.IdleTimeout = TimeSpan.FromMinutes(10);
    options.Cookie.IsEssential = true;
});

In Controller

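     public async Task<IActionResult> Logout()
     {
        try
        {
            // Remove the data stored in the server-side session.
            HttpContext.Session.Clear();
            // Delete the session cookie named in Startup.cs.
            Response.Cookies.Delete("ExampleSession");
            // SignOutAsync expects an authentication scheme, not the session cookie name.
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return RedirectToAction("Login", "Login");
        }
        catch (Exception)
        {
            // Rethrow without resetting the stack trace.
            throw;
        }
     }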

Upvotes: 1
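
A logout that covers both points raised in the question and the two answers, as an added example (not code from the question or either answer): it clears the session, removes both cookies, and marks authenticated responses as non-cacheable from inside the app instead of through web.config, which is only read when the app is hosted behind IIS. `UseNoStoreForAuthenticated` is a hypothetical helper name, and the example assumes the default session cookie name and a logout button that posts a form carrying an antiforgery token.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class HomeController : Controller
{
    // POST plus antiforgery token, so a link or image on another site cannot trigger the logout.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        // Drop the server-side session data ("userInfo" in the question).
        HttpContext.Session.Clear();
        // Remove the session cookie; ".AspNetCore.Session" is the default name (assumed unchanged).
        Response.Cookies.Delete(".AspNetCore.Session");
        // Await the sign-out so the expired auth cookie is written before the redirect is sent.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return RedirectToAction("Login", "Login");
    }
}

public static class NoStoreExtensions
{
    // Hypothetical helper: call app.UseNoStoreForAuthenticated() in Startup.Configure after app.UseAuthentication().
    public static IApplicationBuilder UseNoStoreForAuthenticated(this IApplicationBuilder app) =>
        app.Use(async (context, next) =>
        {
            context.Response.OnStarting(() =>
            {
                if (context.User.Identity?.IsAuthenticated == true)
                {
                    // The back button must re-request the page instead of showing a cached copy.
                    context.Response.Headers["Cache-Control"] = "no-store, no-cache, must-revalidate";
                    context.Response.Headers["Pragma"] = "no-cache";
                    context.Response.Headers["Expires"] = "0";
                }
                return Task.CompletedTask;
            });
            await next();
        });
}
```

SignOutAsync only tells the browser to discard the authentication cookie; with the default self-contained cookie ticket, a copy of that cookie saved before logout is still accepted until ExpireTimeSpan (10 minutes in the question's Startup.cs) runs out.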
