Sitefinity - Remove Session after Logout

Question

I am trying to clear a HttpContext.Current.Session after User logs out of a Sitefinity page.

I saw in this link that you can check the Request.Url but I'm not exactly sure what the implementation is.

This is my current attempt:

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    if (((System.Web.HttpApplication)(sender)).Request.Url.ToString() == HttpContext.Current.Server.MapPath("~/Sitefinity/Login/DoLogout"))
    {
        if (HttpContext.Current.Session["Cart"] != null) HttpContext.Current.Session.Remove("Cart");
        HttpContext.Current.Session["Cart"] = new List<IQuoteResult>();
    }
}

Please let me know if you have any tips or suggestions, or if I'm completely wrong with my logic.

Thanks in advance.

UPDATE:

protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        if (((HttpApplication)(sender)).Request.Url.ToString().Contains("sign_out=true"))
        {
            if (HttpContext.Current.Session["Cart"] != null)
            {
                HttpContext.Current.Session.Remove("Cart");
                HttpContext.Current.Session["Cart"] = new List<IQuoteResult>();
            }
        }
    }

This is my next attempt at completing the same task but I keep receiving a NullReferenceException...

Note: I've also tried this method in the Application_AcquireRequestState method.

Here is the stack:

[NullReferenceException: Object reference not set to an instance of an object.]
SitefinityWebApp.Global1.Application_PostAcquireRequestState(Object sender, EventArgs e) +137
 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +91
 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +164

score 2 · Accepted Answer · answered Jul 24 '15 at 12:06

This ended up being my solution:

public bool IsUserLoggingOut { get; set; }

protected void Application_PostAcquireRequestState(object sender, EventArgs e)
{
    if (((HttpApplication)(sender)).Request.Url.ToString().Contains("/Sitefinity/SignOut"))
    {
        IsUserLoggingOut = true;
    }
    if (IsUserLoggingOut && SystemManager.CurrentHttpContext.Session != null)
    {
        SystemManager.CurrentHttpContext.Session.Remove("Quote");

        IsUserLoggingOut = false;
    }
}

Looks like Sitefinity has its own SystemManager to access the http context. It worked perfectly.

chrisg · Answer 2 · 2015-07-17T20:01:43.737

1

That's pretty close to how I would do it. The only change I would make is change your url comparison logic to be something like:

if (((System.Web.HttpApplication)(sender)).Request.Url.ToString().EndsWith("/Sitefinity/Login/DoLogout"))

Or potentially use .Contains() instead of EndsWith() -- not sure if there are any query-string parameters or trailing slashes added on the DoLogout action.

This is because Request.Url returns a URL (ex. https://stackoverflow.com/whatever) whereas Server.MapPath() returns a local path (ex. C:\inetpub\wwwroot\whatever), so you wouldn't be comparing apples to apples if you're comparing the two.

Edit: Something like this should work, just adding a check to see if the session is null

protected void Application_PostAcquireRequestState(object sender, EventArgs e)
{
    if (((HttpApplication)(sender)).Request.Url.ToString().Contains("sign_out=true"))
    {
        if (HttpContext.Current.Session != null && HttpContext.Current.Session["Cart"] != null)
        {
            HttpContext.Current.Session.Remove("Cart");
            HttpContext.Current.Session["Cart"] = new List<IQuoteResult>();
        }
    }
}

edited Jul 17 '15 at 20:01

answered Jul 15 '15 at 13:43

chrisg

76
5

So it turns out that Session is accessible in Application_AuthenticateRequest – terbubbs Jul 16 '15 at 17:33
I've updated with some new code and stack trace of the error.. not sure if you can help – terbubbs Jul 16 '15 at 17:36
Any idea where the null reference exception is occurring? Is it the Request.Url? Or the HttpContext.Current.Session? Either way, I would debug through it and find out which is null, then add a '!= null' before that offending line – chrisg Jul 17 '15 at 19:50
it's the Session because I removed the Request.Url IF statement and just checked if the Session != null – terbubbs Jul 17 '15 at 19:56
According to this http://stackoverflow.com/questions/1382791/asp-net-what-to-do-if-current-session-is-null, it looks like there are a few cases where session could be null, so I would investigate those. Otherwise, my edit should work. – chrisg Jul 17 '15 at 20:02
1

thanks for all your help. i saw that post previously. i think there is something funky with sitefinity. – terbubbs Jul 17 '15 at 20:51

Sitefinity - Remove Session after Logout

2 Answers2