0

I have been given a task to sort out a bug in a SilverLight application, however my knowledge of authentication is basic at best so I am quite stuck and looking for help.

The issue is that if a user logs into the application, then opens another browser tab/window and accesses a URL from within the application, this is perfectly acceptable and the system works ok as far as we know. The problem arises when the user logs out of the application from one tab/window and then tries to continue to work on the other tab/window, in which case a variety of errors are thrown depending on what the user does.

We already have a timer in the application to detect connection issues with the database so I thought that checking that the user is authenticated here would be a good start, so I checked for AuthenticationService.User.Identity.IsAuthenticated, but unfortunately that is always true. So I researched and debugged my code and that property is actually set to false once the Logout method has completed, however this doesn't seem to be the case when I debug the application once the user has logged out on the other tab/window.

I have researched on the internet, but all the similar issues I can find are caused by something that isn't relevant, or that I don't understand completely.

The system uses an authentication class which is inherited from FormsAuthentication, but all the Login and Logout functions use the base WCF RIA AuthenticationService service methods.

Could anyone make some suggestions as what could be the issue?

XN16
  • 5,679
  • 15
  • 48
  • 72
  • If you try to do any action in the second tab, while you have logged out from the first one, do you get any errors caused by the fact that you are logged out? – Cornea Ali Feb 10 '14 at 13:13
  • @CorneaAli The errors which I get are usually based around services failing, which makes sense as the user has logged out of the `AuthenticationService`, but the application only seems to 'realise' this when it tries to call a service. – XN16 Feb 10 '14 at 13:57

1 Answers1

1

When you log out basically what happens is that the server will destroy your session in the server memory/session state etc. If there is a new request from the same client the server will read the session id cookie and try to match it with one of the existing sessions. If this session will not be found then we will get the exception you are facing.

Having a SilverLight application this is basically a client application which will not send any request to the server until it really requires is ( Service call). I think you should send a log out message to all of your application instances to log out the user also on the client side everywhere else.

Maybe this links will help you

Can silverlight detect or communicate across browser instances?

Writing a javascript file from another javascript

Community
  • 1
  • 1
Cornea Ali
  • 148
  • 7
  • I used the messaging system that was detailed in one of your links. A lot of work and testing, but it seems to work quite well. Thanks. – XN16 Feb 26 '14 at 15:35