0
votes

This seems to be a very trivial question but still I am not able to get it running. I am building an asp.net web application and I am using forms authentication here. The following steps I have followed.

1) In web.config this is the entry


    <authentication mode="Forms">
          <forms loginUrl="Default.aspx" timeout="30" defaultUrl="StockTips.aspx" cookieless="UseCookies"
                 slidingExpiration="true" />
        </authentication>
        <sessionState mode="InProc" cookieless="false" timeout="30" />

2) In default.aspx I have used custom authentication and after authentication passes I am redirecting to defaultUrl mentioned in web.config. The following is the code. This is working fine.

Session["test"] = "testing";
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, true);

Login1 is Login control of asp.net.

3) In StockTips.aspx (which is defaulturl), on Logout linkbutton click event I am trying to abandon session so that it automatically redirects to loginurl (default.aspx). This is not happening. It is staying on the same page i.e. StockTips.aspx. The following is the code.

        protected void lnkLogout_Click(object sender, EventArgs e)
        {
            string str = Session["test"].ToString();

            Session.Abandon();
            //Session.RemoveAll();
            //Session.Clear();

            //FormsAuthentication.SignOut();

            string str1 = Session["test"].ToString();
        }

The value in Session["test"] also remains. I have tried the commented code above. I do not want to explicitly write Response.Redirect to loginurl as I am pretty sure once the session gets abondoned it automatically redirects to loginurl. But somehow it is not working.

I am not sure whether the following information will help but still thought of adding it. I have a master page in which both default.aspx and stocktips.aspx opens. LinkButton in inside stocktips.aspx and not on master page.

Please let me know if you need any further information from my side.

Please help!

Thanks in advance.

Regards,

Samar

1

1 Answers

0
votes

I think you are doing right with the sessions. But see in your web.config file you have enabled cookies for form authentication. Eventhough you removed sessions, the cookie with authentication details remains with the browser(cookie has timeout=30 mins). So the authentication details remain in the cookie until the timeout or till you close the browser. Try deleting the cookie instead of removing the sessions.