FormsAuthentication.SignOut(); doesn't work...

[mo]

my current project uses FormsAuthentocation.. I need a logoff page -

may logo off page contains the following in the Page_Load:
Session.Abandon();

FormsAuthentication.SignOut();

After 'logging off', HttpContext.Current.User.Identity.IsAuthenticated and
Request.IsAuthenticated is still true and the user can still access pages
that they should net be able to..

What's up with this??? I've seen quite a few posts on the web, but no firm
answer



thanks!

 

[Dominick Baier [DevelopMentor]]

Hello mo,

use a tool like www.fiddlertool.com to check if the cookie is really cleared...

 

[mo]

Hey - very nice tool! Thanks!!!

that's exactly the problem, the cookie is not cleared. Therefore the user is
still able to roam about the site - they are never logged off. Another
strange thing is that if a user does log back on, it DOES reset the cookie.
I am not using persistent cookies either...

My login code is below:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
Request.Form["username"],
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
false,
userContextElement.OuterXml,
FormsAuthentication.FormsCookiePath
);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect to requested url...

???

thanks,
mo

 

[mo]

Finally!

I found that the 'path' is the culprit in the web.config.

I changed from: 'path="~/" to: path="/" and now it works...

Thanks for the tips on the tools Dominick .