Re: Logout

From: Ron Cicotte (msnews@summerstreet.net)
Date: 04/22/03


From: "Ron Cicotte" <msnews@summerstreet.net>
Date: Mon, 21 Apr 2003 18:01:23 -0400


Victor,

I am using forms authentication and it seems to work fine except for the
FormsAuthentication.Signout(). I have a login page with the following code
in the Page_Load function:

private void Page_Load(object sender, System.EventArgs e)

{

//utilities for managing database I/O

Util=new vci_Utilities(this);

if (!IsPostBack)

{

// check forms authentication and set isloggedin = true if the user is
logged in.

LoginCookies();

// auto logout when coming back to this page after logging in

if(isLoggedIn)

{

FormsAuthentication.SignOut();

isLoggedIn = false;

Session.Abandon();

Response.Redirect("Login.aspx",true);

}

Login_Show();

}

else

{

uid = Int32.Parse(ViewState["uid"].ToString());

isLoggedIn = (bool)ViewState["IsLoggedIn"];

}

}

LoginCookies tests to see if the user is logged in using the
Request.IsAuthenticated attribute and sets a page var (bool isLoggedIn)
based on the result. The problem is that the the SignOut() method is not
removing the authentication cookie as expected. Request.IsAuthenticated
always returns true. I have a watch on the IsAuthenticated attribute in my
VS debugger and it does not change after the Signout() method is invoked. I
test it immediately following the repost after redirection and it is still
true.

What can I do?

I have posted this elswhere in this newsgroup but this seemed an appropriate
place to bring it up again.

Thanks for whatever advice you may have.

-ron

"Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com> wrote in message
news:#G7fAuQBDHA.2376@TK2MSFTNGP10.phx.gbl...
> Hi Brian,
>
> Take a look at the FormsAuthentication.SignOut method,
>
> --
> Victor Garcia Aprea
> Microsoft MVP | ASP.NET
>
> "Brian Morris" <brian@usd475.com> wrote in message
> news:ege6kWPBDHA.28568@TK2MSFTNGP10.phx.gbl...
> > I have an application that I am using FormsAuthentication on. I don't
> fully
> > understand the process and copied the code to make it work from a book.
> >
> > What I want to make is a Logout button that destroys their
authentication.
> > I would guess that this is pretty easy since using this authentication
> > method was pretty easy in the first place.
> >
> > Can someone please provide me with the syntax to make the application
> think
> > I am no longer authenticated. I don't want to have my client close
their
> > browser and am not sure that would work anyway. I haven't tried that
> > because I am still developing my app.
> >
> > tia,
> > -brian
> >
> >
>
>