FormsAuthentication.SignOut() problem

Discussion in 'ASP .Net Security' started by Zagor, Nov 10, 2004.

  1. Zagor

    Zagor Guest

    Hi All, (thanks in advance for your time)
    I have a standard login.aspx page (UserName\Password). When the user
    successfully signs in they are redirected to a control panel page
    (admin.aspx), which contains a logout button with this code

    private void OnLogOutClicked(object sender, EventArgs e)
    {
        // Removes the forms-authentication cookie from the browser
        FormsAuthentication.SignOut();
        lbStatus.Text = "You have successfully logged out";
    }

    in this same page on PageLoad I have the below code

    private void Page_Load(object sender, EventArgs e)
    {
        if (Request.IsAuthenticated == true)
        {
            // ...
            lbStatus.Text = "User " + User.Identity.Name + " is currently logged in";
        }
    }

    The problem is that when the user clicks the "Log Out" button the label
    status gets updated (fine) and if the user clicks any other buttons (on the
    page) they will be automatically redirected to the login page (fine), which
    basically confirms that he\she is logged out and no operation can be done on
    the page.
    Now if I type in the address manually I am able to access the page (even
    if no operation can be done) but the label status gets updated as logged
    in, which means that the user is STILL authenticated. How can I ensure that
    if you are logged out, Request.IsAuthenticated will be false!
    Please, any help will be appreciated

    Frank
     
    Zagor, Nov 10, 2004
    #1

  2. This might be a page local caching issue. When you manually call your
    authenticated page (write down the absolute URL in the address bar), what you
    actually see is the locally cached copy of that page, so you are not executing
    code on the server side. If you try to do anything that may trigger a server
    side event, then you will be redirected to your login page.
    If you don't want your page to be cached locally, you may add this code to
    the page load event:

    this.Response.Cache.SetCacheability( HttpCacheability.NoCache );


    Hernan de Lahitte
    http://weblogs.asp.net/hernandl



     
    Hernan de Lahitte, Nov 10, 2004
    #2
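
Added example (not part of the original posts): one way to apply the fix from reply #2 to every protected page at once, and to have the logout handler redirect so that the browser never redraws the signed-out page from its cache. The `ProtectedPage` base class and the `SignOutAndLeave` helper are hypothetical names; `login.aspx`, `admin.aspx`, `lbStatus` and `OnLogOutClicked` come from the thread.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical base class: every page that requires login inherits from it,
// so the cache headers cannot be forgotten on an individual page.
public class ProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // no-cache + no-store + an Expires date in the past: the browser has to
        // ask the server again instead of redrawing a stored copy of the page.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
    }

    // Shared logout routine for the "Log Out" buttons of protected pages.
    protected void SignOutAndLeave()
    {
        FormsAuthentication.SignOut();      // expires the auth cookie in the browser
        if (Context.Session != null)
        {
            Context.Session.Abandon();      // drop server-side session state too
        }
        // Request.IsAuthenticated stays true for the rest of this request, so
        // redirect: the next page is a fresh request made without the cookie.
        Response.Redirect("login.aspx", true);
    }
}

// Code-behind for admin.aspx from the thread, rebuilt on the base class.
public class Admin : ProtectedPage
{
    protected Label lbStatus;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Request.IsAuthenticated)
        {
            lbStatus.Text = "User " + User.Identity.Name + " is currently logged in";
        }
    }

    protected void OnLogOutClicked(object sender, EventArgs e)
    {
        SignOutAndLeave();
    }
}
```

The cache headers only stop the browser from showing a stale copy. `FormsAuthentication.SignOut()` removes the cookie from the browser but does not invalidate the ticket on the server, so a copied ticket remains usable until it expires; short ticket timeouts and SSL-only cookies limit that window.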

  3. Zagor

    Zagor Guest

    Hi Hernan,
    thank you, you got it!
    That was the problem.

    Frank



     
    Zagor, Nov 10, 2004
    #3