
How can I force a log out of all users for a website?

I'm using MySQL Connector/.NET, all its providers with FormsAuthentication.

I need all users to log out at some moment. The method FormsAuthentication.SignOut() does not work like I want.

How can I make a logout of all site users?

Jean Louis asked Mar 30 '11 15:03


1 Answer

As Joe suggests, you could write an HttpModule to invalidate any cookies present before a given DateTime. If you put this in the config file, you could add / remove it when necessary. For example,

Web.config:

<appSettings>
  <add key="forcedLogout" value="30-Mar-2011 5:00 pm" />
</appSettings>

<httpModules>
  <add name="LogoutModule" type="MyAssembly.Security.LogoutModule, MyAssembly"/>
</httpModules>

HttpModule in MyAssembly.dll:

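using System;
using System.Configuration;
using System.Globalization;
using System.Web;
using System.Web.Security;

public class LogoutModule: IHttpModule
{
    #region IHttpModule Members
    void IHttpModule.Dispose() { }
    void IHttpModule.Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
    }
    #endregion


    /// <summary>
    /// Handle the authentication request and force logouts according to web.config
    /// </summary>
    /// <remarks>See "How To Implement IPrincipal" in MSDN</remarks>
    private void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication a = (HttpApplication)sender;
        HttpContext context = a.Context;

        // Extract the forms authentication cookie
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = context.Request.Cookies[cookieName];
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            return;

        // AppSettings values are strings, so the cut-off has to be parsed;
        // a missing or unparsable value means no forced logout is configured.
        DateTime logoutTime;
        if (!DateTime.TryParse(ConfigurationManager.AppSettings["forcedLogout"],
                CultureInfo.InvariantCulture, DateTimeStyles.None, out logoutTime))
            return;

        // Browsers never send a cookie's expiry back, so Expires on a request
        // cookie is always DateTime.MinValue. The time the ticket was issued
        // is stored inside the encrypted ticket, so compare against that.
        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            // Malformed or tampered ticket: forms authentication rejects it anyway.
            return;
        }

        if (ticket != null && ticket.IssueDate < logoutTime)
        {
            // Delete the auth cookie and let them start over.
            authCookie.Expires = DateTime.Now.AddDays(-1);
            context.Response.Cookies.Add(authCookie);
            context.Response.Redirect(FormsAuthentication.LoginUrl);
            context.Response.End();
        }
    }
}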
Brett answered Sep 21 '22 02:09