FormsAuthentication.SignOut() not working when manually creating a ticket?

Matthias S.

Hi there,

I've created an application which is using Forms-based authentication.
My Login-Button event handler looks somewhat like this:

// validate the input, etc...
// sUserName holds now the users name

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(20),false,
nRoleID.ToString(),FormsAuthentication.FormsCookiePath);

// encrypt the ticket
string sEncTicket = FormsAuthentication.Encrypt(ticket);

// set the cookie
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
sEncTicket));

It seems to work ok. But if I later use FormsAuthentication.SignOut() in
order to remove the Ticket, the ticket does not get removed. Why is this?

Thanks in advance!

Matthias
 
Andy Fish

Matthias S. said:
Hi there,

I've created an application which is using Forms-based authentication.
My Login-Button event handler looks somewhat like this:

// validate the input, etc...
// sUserName holds now the users name

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(20),false,
nRoleID.ToString(),FormsAuthentication.FormsCookiePath);

// encrypt the ticket
string sEncTicket = FormsAuthentication.Encrypt(ticket);

// set the cookie
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
sEncTicket));

It seems to work ok. But if I later use FormsAuthentication.SignOut() in
order to remove the Ticket, the ticket does not get removed. Why is this?

Have you tried it with FormsAuthentication.SetAuthCookie() instead? This is
what I use and it seems to work, but I am not quite sure how this differs
from the method you are using.
 
Matthias S.

Hi,

I can't use SetAuthCookie, since I have to assign a specific role to
the user. But starting the authenticated session works fine, only ending
it seems problematic.

Matthias
 
pb.bergeron

I had the same problem and was able to finally get this working
recently by using this code:

FormsAuthentication.SignOut()
' force Expiration of the cookie. this should "clear"
' the client-side data. the source of the issue ???
Context.Response.Cookies.Item( _
FormsAuthentication.FormsCookieName).Expires = Date.Now
Response.Redirect("login.aspx")

If you try to use the .Remove method instead of setting the existing
Item's Expire date, the application will not work out as expected.
This must be because Context.Response.Cookies collection is server-side
and if you Remove the item from the collection, it is never returned
back to the client. If it's not returned back, it will not be removed
(on the client side). This is the role of the Expiration Date.

I am assuming the Expires to Now forces the cookie to be removed on the
client side immediately. Perhaps it is this little bit of data on the
client that is causing the problem. It actually makes sense to me, but
it would be nice if this was more apparent from the documentation.
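
Added example, not part of any post in this thread: a C# login/logout pair in which the cookie that expires the ticket carries the same name, path and domain as the cookie that issued it, since a browser only drops a cookie when those attributes match. The class and method names are hypothetical, and the code assumes .NET Framework 2.0 or later (for HttpOnly and FormsAuthentication.CookieDomain).

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (added example, not code from the thread).
public static class AuthCookieHelper
{
    // Build a cookie whose attributes always come from the forms-auth
    // configuration, so issuing and expiring use identical name/path/domain.
    private static HttpCookie BuildCookie(string value)
    {
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, value);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        if (!String.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            cookie.Domain = FormsAuthentication.CookieDomain;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow <forms requireSSL>
        return cookie;
    }

    // Login: same ticket as in the question, role id carried in UserData.
    public static void SignIn(HttpResponse response, string userName, string roleData)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(20), false,
            roleData, FormsAuthentication.FormsCookiePath);

        response.Cookies.Add(BuildCookie(FormsAuthentication.Encrypt(ticket)));
    }

    // Logout: let the framework sign out, then overwrite the cookie with an
    // empty, already-expired one. Removing it from Response.Cookies would
    // send nothing to the browser, so the browser would keep its copy.
    public static void SignOut(HttpResponse response)
    {
        FormsAuthentication.SignOut();

        HttpCookie expired = BuildCookie(String.Empty);
        expired.Expires = DateTime.Now.AddYears(-1);
        response.Cookies.Set(expired);   // replaces any cookie of the same name

        // This only clears the browser's copy. The encrypted ticket is
        // self-contained, so a copy taken earlier still validates until its
        // 20-minute Expiration; keep ticket lifetimes short.
    }
}
```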
 