Should do it...don't forget the redirect...
I think I once looped through cookies collection before redirect and set an earlier expires date.
Nah...doesn't matter where on site you send them. Just need to redirect to be sure that everything is reset for current user.
Daniel, when I run the code the Session (or HttpContext.Current.Session) object is null. I'm running MVC obviously - any ideas on how to tackle that?
Also, I've tried adding the following to web.config:
<system.webServer> <modules runAllManagedModulesForAllRequests="true"> ... <remove name="Session"/> <add name="Session" type="System.Web.SessionState.SessionStateModule"/> </modules>
I'm trying to understand something similar....
My logout action looks like this:
public virtual ActionResult Logout(string returnUrl)
// Log out user:
// Get anonymous logged-out user ID:
var anonymousUserId = PrincipalInfo.CurrentPrincipal.GetContactId(); //doesn't work, still returns logged-in user ID
// do some stuff.... etc.
As you can see, I want to get a new anonymous user ID from PrincipalInfo.CurrentPrincipal.GetContactId() after logging the user out. Is that possible? It seems like my call to PrincipalInfo.CurrentPrincipal.GetContactId() still returns the logged-in ID. Your comments above seem to indicate that I must redirect to another action first. Is that right?
Yes. If you don't redirect you will get some strange things like that. The current request still has authentication cookies etc. Redirecting will clear everything...
is it cookieless?
if (FormsAuthentication.CookieMode != HttpCookieMode.UseCookies)
@ K Khan -
Hmmmm, what would be the "correct" way to capture the anonymous user ID after every logout?
We cannot predict where our logout action redirects to because it redirects to "whatever page the user was viewing when the clicked logout". (so that could be ANY page).
Is there some event, or something, that I can tap into to reliably get that anonymous ID after a logout?
According to Microsoft: The SignOut method removes the forms-authentication ticket information from the cookie or the URL if CookiesSupported is false.
as hinted by the header I need some possible help and/or input regarding FormsAuthentication.SignOut(). I have a custom log out button that works fine when using Chrome/FF, but when the customer is using IE11 it doesn't sign out the user.
However: the user get's signed out of EPiServer, but when I check user roles manually (after_ SignOut() ofc), Roles.IsUserInRole([ some groups]) still returns TRUE, and then the code logic fails since it should be returning FALSE (obviously).
Is there a IE quick fix for this? Clearing of certain cookies or what not? Or something I've missed?