I am working on a web application using the Provider Members Provider to implement authentication and user / role access to application sections.
I use the LoginStatus control on my homepage as a link to LoginStatus , but when testing, I found that logging out does not work. If I try to access any page of my application again (after logging out), the page will be shown ...
I believe that this problem depends on the data stored in the user session that is not automatically cleared. It is right?
So what is the root way to implement logout and clear the session?
Note I do not implement any event for the LoginStatus control. I use authentication. On my login page, I use this code:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // Ticket version this.txtUser.Text, // Username associated with ticket DateTime.Now, // Date/time issued DateTime.Now.AddMinutes(30), // Date/time to expire true, // "true" for a persistent user cookie ruolo, // User-data, in this case the roles FormsAuthentication.FormsCookiePath); string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie( FormsAuthentication.FormsCookieName, hash); if (ticket.IsPersistent) { cookie.Expires = ticket.Expiration; } Response.Cookies.Add(cookie);
In the web.config system.web section:
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" path="/" domain="keyforup.it"/> </authentication> <authorization> <deny users="?"/> </authorization>
source share