Cookies and session in asp.net how to delete it after the user clicks sign out button

Question

I am creating a cookie and a session

if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
        {
            //string useremail = Convert.ToString(txtUserName.Value);
            Session.Add("useremail", txtUserName.Value);
            FormsAuthenticationTicket tkt;
            string cookiestr;
            HttpCookie ck;
            tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now, 
            DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data");
            cookiestr = FormsAuthentication.Encrypt(tkt);
            ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
            if (chkPersistCookie.Checked)
            ck.Expires=tkt.Expiration;  
            ck.Path = FormsAuthentication.FormsCookiePath; 
            Response.Cookies.Add(ck);
        }

I am using this code to delete the cookie

 protected void SignOut_Click(object sender, EventArgs e)
    {
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
        {
            HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
            myCookie.Expires = DateTime.Now.AddDays(-1d);
            Response.Cookies.Add(myCookie);
            Response.Redirect("Home.aspx");   
        }

   }

but still the cookie is there and I am able to see the user.aspx page after i sign out. how to sign out and should I also delete the value in the session if so how to do that

Thanks

http://stackoverflow.com/questions/412300/formsauthentication-signout-does-not-log-the-user-out and http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.signout.aspx — ScottE, Aug 17 '11 at 10:49
I think here is the solution of your problem: https://stackoverflow.com/a/51551957/3649347 — Tell Me How, Jul 27 '18 at 06:32
Check this once: https://stackoverflow.com/a/51551957/3649347 — Tell Me How, Jul 27 '18 at 06:33

score 2 · Accepted Answer · answered Aug 17 '11 at 10:50

2

Try This

    HttpContext.Current.Session.Remove("useremail");
    HttpContext.Current.Session.Abandon();

answered Aug 17 '11 at 10:50

Nithesh Narayanan

11,481
34
98
138

score 0 · Answer 2 · answered Aug 17 '11 at 10:35

0

When you perform a log out it is best to end the current session using Session.Abandon(). This will ensure that there is no session information that could be leaked.

answered Aug 17 '11 at 10:35

detaylor

7,112
1
27
46

So i dont need to delete the cookie? – rookie Aug 17 '11 at 10:40
Sorry, still remove the cookie and then call `Session.Abandon()`. – detaylor Aug 17 '11 at 11:42

Cookies and session in asp.net how to delete it after the user clicks sign out button

2 Answers2