0

I'm using https://www.c-sharpcorner.com/UploadFile/asmabegam/Asp-Net-mvc-5-security-and-creating-user-role/ demo to fully understand the ASP.Net Identity its a great demo just one aspect that I can't seem to pin point that I hope someone here can help me find.

In this code when a user is authenticated and leaves (without Logging out of the website) then comes back for some reason he's still "authenticated" and gets the "hello" on the Home index page. I can't figure out where in the code to redirect to the required page or to "log him off" ?

Would appreciate help

Regards

Meir Rotfleisch
  • 13
  • 3

2 Answers2

0

In the AccountController.cs, you need to put in a URL Link to call LogOff() action method when It is click on, so It will clear out the Login Authenticate Cookie in the browser.

//
// POST: /Account/LogOff
[HttpPost]
[HttpGet]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    return RedirectToAction("Index", "Home");
}
Thomson Mixab
  • 657
  • 4
  • 8
  • Thanks for the response. For clarification the user isn't logging off just leaving the site. So I guess The question wasn't formulated correctly. – Meir Rotfleisch Jun 24 '21 at 06:53
0

In the identity.config, you can set session expiry and cookie expiry time as below.

 public void ConfigureAuth(IAppBuilder app)
{            
 var sessionTimeout = 40;

  app.UseCookieAuthentication(new CookieAuthenticationOptions
 {
    ExpireTimeSpan = TimeSpan.FromSeconds(20),
 });
}

If you are looking for a way to logoff the user when the browser is closed please refer this,

How do I log a user out when they close their browser or tab in ASP.NET MVC?

Darshani Jayasekara
  • 561
  • 1
  • 4
  • 14