0

I have a problem with the user Login and Logout in an MVC3 application. Here's an example of my logout actions in my user controller:

public ActionResult Logout()
{
    FormsService.SignOut();
    Session.Clear();
    return RedirectToAction("index", "home");
}

Once a user clicks Logout this action is called, it clears the session information and then the user is redirected to the index page.

On my index page I call a C# helper to display a message like this:

@section links { @Html.HdrLinks("Home", "", Context.User) }

Here's part of the code of the helper:

System.Security.Principal.IPrincipal user

if (user.Identity.IsAuthenticated)
{
   return new MvcHtmlString("Welcome " + user.Identity.Name);
}

My problem is that when the index page displays IMMEDIATELY AFTER the logout it still shows the same session information. In other words it still shows a message like "Welcome John". Only AFTER I refresh the page in the browser does it correctly see that there user name is not set in the session.

Does anyone have any ideas on what I can do to make it so that after a logout and a redirect then the index page does not still think the user is logged in? For example is there some call other than RedirecToAction that I could execute that would help me.

UPDATE:

It would seem that when I change my code to the following then it does what I want and when it gets to display the index page then it does not show me I am still logged in. However I am not sure why this works.

FormsService.SignOut();
Session.Clear();
Session.Abandon();
return new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Home", action = "Index" }));
tereško
  • 58,060
  • 25
  • 98
  • 150
Rubin
  • 375
  • 2
  • 6
  • 12
  • 2
    http://stackoverflow.com/questions/412300/formsauthentication-signout-does-not-log-the-user-out Check this out, might help :) – Kevin Cloet Sep 13 '11 at 09:11

2 Answers2

0

It might be a cache problem. Have you checked that when your code ask a browser to make redirect then the browser really makes a new request to the index page? Just set a breakpoint at index action and take a look to Session property.

Vasiliy Shiryaev
  • 600
  • 4
  • 12
  • I checked and it doesn't even call the action method at all. I am guessing it's because I have the cache set as below: [OutputCache(Duration = 86400, VaryByParam = "none")] public ActionResult Index() – Rubin Sep 13 '11 at 12:09
  • If you put [OutputCache] on an action method then yes, the action should not be called at all. The thing is that Cache is not varied by user. Here is good brief description of how it works http://stackoverflow.com/questions/3444245/using-asp-net-mvc-outputcache-while-varying-view-content-based-on-whether-user-is/3444468#3444468[/link]. However i cant explain then why you get corrert page after pressing F5. – Vasiliy Shiryaev Sep 14 '11 at 06:45
  • Please pay attention that you will not solve the problem by removing item from cache when user logging in or out ( http://stackoverflow.com/questions/7404261/can-i-force-mvc-to-get-a-new-page ) because _all users will share the same cached view_ – Vasiliy Shiryaev Sep 14 '11 at 09:17
0

Here's a Link to another posting that describes the two things you need to do in more detail:

  1. You need to clear the Session, Auth Cookie, and Session Cookie and return the cookies in the response.

  2. You need to Invalidate the Cache on the Client so user's can't visit cached pages by hitting the browser's back button.

See the Link for details....

Community
  • 1
  • 1
justdan23
  • 560
  • 7
  • 9