How do you delete the ?ReturnToUrl query string on log out?
-
06-07-2019 - |
Question
I have this in my LoginControl.ascx code behind:
protected void Logout_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
Session.Abandon();
FormsAuthentication.RedirectToLoginPage();
Response.End;
//Response.Redirect("default.aspx");
}
I expected that on logout the user would be redirected to the login page (default.aspx in this case) and there would be NO query string attached. Instead, what I see on the URL is:
http://kab.domain.com/default.aspx?ReturnUrl=%2fAdministration%2fCharacter%2fView.aspx
So now, after logging out, I want to log in as another person (with lesser privileges) and on a successful login it redirects me to a page that this new login does not have permissions to see! <grrr />
I realize that the "normal" user will never run into this issue but the test users do and it is a bug as far as they are concerned.
Even with the Response.Redirect I still get the query string. How do I get rid of the query string at logout???
Solution
Try this:
Response.Redirect(FormsAuthentication.LoginUrl);
OTHER TIPS
public partial class MasterPage : System.Web.UI.MasterPage
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void signout_Click(object sender, EventArgs e)
{
Response.Write("<script language=javascript>var wnd=window.open('','newWin','height=1,width=1,left=900,top=700,status=no,toolbar=no,menubar=no,scrollbars=no,maximize=false,resizable=1');</script>");
Response.Write("<script language=javascript>wnd.close();</script>");
Response.Write("<script language=javascript>window.open('login.aspx','_parent',replace=true);</script>");
Session["name"] = null;
}
}
I'm also adding on all page this code.
protected void Page_Load(object sender, EventArgs e)
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetAllowResponseInBrowserHistory(false);
}
}