How does log off work in DNN 5.x?

Question

We are seeing an issue where the Session isn't being abandoned in DNN. I'm not sure if this is was a 4.5.x issue as we upgraded a while ago to 5.x and maybe referencing an older control.

The login/logoff control we are referencing in our module is DotNetNuke.UI.Skins.Controls.Login located in path DNN_Web_Root/admin/Skins/login.ascx

In there it looks like it does a redirect to logoff.aspx which then goes through the LogoffHttpHandler, which then goes somewhere to complete the logoff process however I cannot find where that process is to see if Session.Abandon is being called.

Can anyone answer the following:

• Is there an issue with DNN where Session.Abandon is not being called on Logoff?
• What is the process that actually handles the LogOff process?

Answer 1

Logoff is normally handled by Desktopmodules\Admin\Authentication\Logoff.ascx. The main action is to clear the authentication cookie, along with a few other cookies and some user specific cached data.

DotNetNuke NEVER uses Session for anything and does not clear Session during a log off.