Forms Authentication SignOut does not remove Cookie

From: Ron Cicotte (msnews@summerstreet.net)
Date: 04/22/03

Next message: Jonathan Folland: "Win2k3 Event Log and Security: Must choose between security and trustworthy"
Previous message: Bassel Tabbara [MSFT]: "Re: Setting Principal for HttpWorkerRequest"
Next in thread: Ron Cicotte: "Re: Forms Authentication SignOut does not remove Cookie"
Reply: Ron Cicotte: "Re: Forms Authentication SignOut does not remove Cookie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Ron Cicotte" <msnews@summerstreet.net>
Date: Mon, 21 Apr 2003 21:25:19 -0400

I am using forms authentication and it seems to work fine except for the
FormsAuthentication.Signout(). I have a login page with the following code
in the Page_Load function:

private void Page_Load(object sender, System.EventArgs e)

{

//utilities for managing database I/O

Util=new vci_Utilities(this);

if (!IsPostBack)

{

// check forms authentication and set isloggedin = true if the user is
logged in.

LoginCookies();

// auto logout when coming back to this page after logging in

if(isLoggedIn)

{

FormsAuthentication.SignOut();

isLoggedIn = false;

Session.Abandon();

Response.Redirect("Login.aspx",true);

}

Login_Show();

}

else

{

uid = Int32.Parse(ViewState["uid"].ToString());

isLoggedIn = (bool)ViewState["IsLoggedIn"];

}

LoginCookies tests to see if the user is logged in using the
Request.IsAuthenticated attribute and sets a page var (bool isLoggedIn)
based on the result. The problem is that the the SignOut() method is not
removing the authentication cookie as expected. Request.IsAuthenticated
always returns true. I have a watch on the IsAuthenticated attribute in my
VS debugger and it does not change after the Signout() method is invoked. I
test it immediately following the repost after redirection and it is still
true.

What can I do?

Next message: Jonathan Folland: "Win2k3 Event Log and Security: Must choose between security and trustworthy"
Previous message: Bassel Tabbara [MSFT]: "Re: Setting Principal for HttpWorkerRequest"
Next in thread: Ron Cicotte: "Re: Forms Authentication SignOut does not remove Cookie"
Reply: Ron Cicotte: "Re: Forms Authentication SignOut does not remove Cookie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Logout
... What version of .NET Framework are you using? ... There is a bug with Signout() ... | I am using forms authentication and it seems to work fine except for the ... | // check forms authentication and set isloggedin = true if the user is ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Logout
... I am using forms authentication and it seems to work fine except for the ... // check forms authentication and set isloggedin = true if the user is ... VS debugger and it does not change after the Signout() method is invoked. ... > Victor Garcia Aprea ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Forms Authentication SignOut does not remove Cookie
... the cookie unless the path is also set correctly when the cookie is created ... leave the Forms Authentication path setting in Web.config ... > LoginCookies tests to see if the user is logged in using the ... > VS debugger and it does not change after the Signout() method is invoked. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: How to disable the IE Back button
... If you are using Forms authentication it should not happen that, ... when you hit the back button it will ask for user name and password again. ... > our application when ever the user presses the SIGNOUT button. ... > Raghuraman(a drop in the ocean) ...
(microsoft.public.dotnet.framework.aspnet)