ASP.Net Identity sign-out all sessions

Question

How do you sign-out all sessions with ASP.NET Identity? Lets say you are signed-in from two different browser with the same user. When the user signs-out from one browser, the session of the other browser should be invalidated as well. (I need this to invalided all sessions of a user on password change.)

You can sign-out the current session with ASP.Net Identity with the following code.

var AutheticationManager = HttpContext.GetOwinContext().Authentication;
AuthenticationManager.SignOut();

This will not sign-out all sessions of a user.

Edit: The idea with the session was a good starting point. I solved the problem and wrote a blog post in case you have the same problem.

better post your solution here as an another answer, your blog post not well enough for reading because of poor formatting — anatol, Oct 15 '20 at 12:51

Patrick Hofman · Accepted Answer · 2014-09-30T07:30:58.517

5

You can achieve this by adding a newly created session from the Global.asax in a list.

Iterate afterwards to compare the user and SignOut the user's sessions.

protected void Session_Start(object sender, EventArgs e)
{
    MyGlobalObject.Sessions.Add(HttpContext.GetOwinContext().Authentication);
}

And later, in the signout event:

private void SignoutAll()
{
    foreach (var authenticationManager in MyGlobalObject.Sessions)
    {
        authenticationManager.SignOut();
    }
}

edited Sep 30 '14 at 07:30

answered Jan 19 '14 at 14:39

Patrick Hofman

153,850
22
249
325

What is `MyGlobalObject`? – Chris Jan 19 '14 at 16:48
An object you create to store the sessions in so you can enumerate them – Patrick Hofman Jan 19 '14 at 18:22

ASP.Net Identity sign-out all sessions

1 Answers1

Linked