I'm trying to logout a user and managed to do so in different ways:
A simple Formsauthentication.Signout()
Clearing the session variables (System.Web.HttpContext.Current.Session.Clear)
Abandoning the session (System.Web.HttpContext.Current.Session.Abandon)
Force the cookies to expire (adding the expired cookie to the httpcontext.current.response)
On one machine, all of these methods will successfully log out the user. On another machine none of these methods work.
I am sure that above code runs in both cases, but in the second case the httpcontext.current.user remains as the first logged in user.
I have not found any differences between the two servers when searching the IIS 7.5 manager. Are there any other settings that would prohibit the cookies or session variables from being cleared?
Had the same issue for a while untill I discovered my problem.
While building a second website for another I copied pretty much most settings from the web.config file, inluding authenticationsettings (cookiename) and machinekeysettings (validationkey and decryptionkey). On both webites I was registred as a user with
the samen login and pw.
Even when I signed of on one site, I remained loggedon because the cookies for both websites were identical!
Changing the machinekeysettings in de web.config solved my problem.
victor_a
0 Points
2 Posts
Logout issue, formsauthentication
Nov 13, 2012 12:13 PM|LINK
Hi,
I'm trying to logout a user and managed to do so in different ways:
On one machine, all of these methods will successfully log out the user. On another machine none of these methods work.
I am sure that above code runs in both cases, but in the second case the httpcontext.current.user remains as the first logged in user.
I have not found any differences between the two servers when searching the IIS 7.5 manager. Are there any other settings that would prohibit the cookies or session variables from being cleared?
johnyM456
Contributor
2177 Points
347 Posts
Re: Logout issue, formsauthentication
Nov 13, 2012 01:14 PM|LINK
Had the same issue for a while untill I discovered my problem.
While building a second website for another I copied pretty much most settings from the web.config file, inluding authenticationsettings (cookiename) and machinekeysettings (validationkey and decryptionkey). On both webites I was registred as a user with the samen login and pw.
Even when I signed of on one site, I remained loggedon because the cookies for both websites were identical!
Changing the machinekeysettings in de web.config solved my problem.
victor_a
0 Points
2 Posts
Re: Logout issue, formsauthentication
Nov 13, 2012 01:49 PM|LINK
In the IIS manager i've set it to automatically generate unique keys at runtime so I dont think this is my problem
johnyM456
Contributor
2177 Points
347 Posts
Re: Logout issue, formsauthentication
Nov 13, 2012 04:34 PM|LINK
In that case I'm out of idea's.
Sorry
Catherine Sh...
All-Star
23382 Points
2490 Posts
Microsoft
Re: Logout issue, formsauthentication
Nov 15, 2012 07:03 AM|LINK
Hi,
In order to resolve your issue, please try to do as follows:
1. Check whether the configuration of IIS is same.
2. Check whether the cookies are disabled in another server.
Best wishes,
Feedback to us
Develop and promote your apps in Windows Store
Ruchira
All-Star
42975 Points
7025 Posts
MVP
Re: Logout issue, formsauthentication
Nov 16, 2012 05:07 PM|LINK
Hello,
Try this for logout
FormsAuthentication.SignOut(); Session.Abandon(); HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, ""); cookie1.Expires = DateTime.Now.AddYears(-1); Response.Cookies.Add(cookie1); HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", ""); cookie2.Expires = DateTime.Now.AddYears(-1); Response.Cookies.Add(cookie2); FormsAuthentication.RedirectToLoginPage();
My Tech blog | My YouTube ChannelPlease 'Mark as Answer' if this post helps you.