1

I have a problem with ASP.Net MVC regarding authentication. The user managed to login and log out with no problem but when I click the back button is in the browser on the watch still logged in !!! Can someone help me!!! I also remind you that I am not using the default authentication of Visual Studio

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginViewModel model)
    {
        if (ModelState.IsValid)
        {
            var isValidUser = IsValidUser(model);

            if(isValidUser != null)
            {
                FormsAuthentication.SetAuthCookie(model.UserMail, true); 
                return RedirectToAction("Index", "Home");
            }
            else
            {
                ModelState.AddModelError("Eror", "Invalid login attempt");
                return View();
            }
            
        }
        else
        {
            return View(model);
        }
    }

 public User IsValidUser(LoginViewModel model)
    {
        using(var db = new DbCaimanContext())
        {
            User user = db.Users.Where(q => q.UserMail.Equals(model.UserMail) && q.Password.Equals(model.Password)).SingleOrDefault();

            if (user == null)
                return null;
            else
                return user;
        }
    }

And here is my disconnection method :

public ActionResult LogOut()
    {
        FormsAuthentication.SignOut();
        Session.Abandon();
        return RedirectToAction("Login");
    }
ThunderBlack
  • 21
  • 3
  • Please give details of your authentication method, and a code example, e.g. how you log the user out. – Tsahi Asher Sep 03 '20 at 11:52
  • I just updated my post – ThunderBlack Sep 03 '20 at 12:07
  • Have you tried Session.Clear(); before the Session.Abandon(); ? – Sycraw Sep 03 '20 at 12:14
  • no not yet i will do it right now... – ThunderBlack Sep 03 '20 at 12:18
  • It's always the same, the user's information remains visible and it gives the impression that the user is still connected while it is indeed disconnected on the server side. – ThunderBlack Sep 03 '20 at 12:22
  • 1
    Does this answer your question? [How to clear browser cache when user log off in asp.net using c#?](https://stackoverflow.com/questions/22306090/how-to-clear-browser-cache-when-user-log-off-in-asp-net-using-c) It's possible that what you see after pressing browser's back button is in local cache. You could disable cache for that page. – derloopkat Sep 03 '20 at 12:26
  • that's exactly what i want. Thanks for your Help – ThunderBlack Sep 03 '20 at 12:36

1 Answers1

0

In your Login Get Method

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {

        ViewBag.ReturnUrl = returnUrl;
        
        if (HttpContext.User.Identity.IsAuthenticated)
            return RedirectToAction("Index", "Main");// go to anywhere you want
        else
            return View();
    }
Wowo Ot
  • 1,362
  • 13
  • 21