protected void Button2_Click(object sender, System.EventArgs e) //logout
{
if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
{
System.Web.HttpContext.Current.Session.Abandon(); // it isn't logout >_<
}
}
how to logout ? :P
If you're using the standard membership providers and forms authentication:
FormsAuthentication.SignOut();
HttpContext.Current.Session.Abandon();
Usually works a treat.
Be aware that if the user presses back in their browser, they will probably see the cached (logged in) version.
Edit to respond to comment
I was under the impression that FormsAuthentication.Signout:
Removes the forms-authentication ticket from the browser.
And that as the authentication ticket is completely separate from, and unrelated to the session token, if you want to completely clear all knowledge of the user from the server at that point, calling Session.Abandon is a good thing to do. I'm aware that a new session will be created for them on the next page request - I'd be interested to see documentation to the contrary.
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
This should log-off the user and take him to Login page.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With