Session not expiring after logout

StackOverflow https://stackoverflow.com/questions/19157498

  •  30-06-2022
  •  | 
  •  

Pergunta

I am storing username and password in session when user logins. After logout, when I press Back button of browser, it again goes to the home page of the user. I want that the session must expire so that after logout when user presses back button, he get's rediected to the login page.

I have already tried 

Session.RemoveAll();
Session.Abandon();
Session.Remove("StoreUser");

StoreUser is the name of the session that contains username and password.

Foi útil?

Solução

Use FormsAuthentication.SignOut when your logout button click event , look below code 

public void LogoutLink_OnClick(object sender, EventArgs args)
{
  FormsAuthentication.SignOut();
  FormsAuthentication.RedirectToLoginPage();
}

and see this previous useful discussion : ASP.NET authentication login and logout with browser back button

Outras dicas

I used FormsAuthentication.SignOut();

and on an other place in my webapplication, I have this on my WebForm when the user is logged in:

<asp:LoginStatus ID="LoginStatus1" LogoutImageUrl="~/Img/Logout.png" 
    BackColor="Transparent" runat="server" onloggingout="LoginStatus1_LoggingOut" />

and this in the code behind:

protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
{
    MembershipUser u = Membership.GetUser(HttpContext.Current.User.Identity.Name);
    u.LastActivityDate = DateTime.Now.AddMinutes(-Membership.UserIsOnlineTimeWindow);
    Membership.UpdateUser(u);
}

may following link help you - http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout

your session is getting cleared but the cache of your page is getting stored at client side. You have to handle that.

## IN Global.asax file you have to clear all the session in Session_end event ##
clear all the session in this event.

     protected void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
// Note: The Session_End event is raised only when the sessionstate mode
// is set to InProc in the Web.config file. If session mode is set to StateServer
// or SQLServer, the event is not raised.

}
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top