How to "Log Off" a user

[GaryDean]

Using 1.1....
I have an application using Forms Authentication that, like all other such
applicaitons, uses FormsAuthentication.RedirectFromLoginPage to authenticate
a user.

at a point in time I want to "log off" that user meaning that I want that
user to no longer be authenticated and I would also like for the Session_End
event in global asax to trigger.

Is this possible?

 

[Sonu Kapoor [MVP]]

System.Web.Security.FormsAuthentication.SignOut()

Sonu Kapoor

 

[GaryDean]

signout does part of the job but the session_end does not execute in
global.asax. At least it is not doing it in my debug session.

 

[Steven Cheng[MSFT]]

Hi Gary,

As for the FormsAuthentication's authenticated user and the token, it has
no direct relation with the sessionState identity though be default their
idenitityall stores in cookie. So the SessionState's timeout event won't
fire when formsauthenticated user ticket get invalid. BTW, what're you
goind to do in session timeout event? If you just want to clear some
certain data in the sessionstate, you can manually define a function to
clear the session date which is called after you call the
Formsauthentication's Sigeout method.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[GaryDean]

Steven,
I need to maintain a database table showing all currently signed on users to
our application. My first notion was to add a record on session begin and
delete their record on session_end (knowing that session_end is triggered
after so much idle time). then, when thinking about the Signout I thought
this would provide a more accurate timing than waiting for session_end.

BUT, only some users explicitly signout - most just kill their browser. So,
I guess I'll just use session_begin and session_end as I originally
intended.

 

[Steven Cheng[MSFT]]

Thanks for your response Gary,

So you're wantting to count the current signon user. I think this is
something like counting the online users. Generally a common means is
maintain a global signon/online user list and there is a timestamp in the
list associated with each user in it. When the user request a server page
or do a postback, you can update that timestamp. Also, there is a
background thread or timer which always loop the list and check the
timestamp to see whether any one has been expired.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)