CODEDIGEST
Home Articles CodeDigest Tutorials FAQs
Home > CodeDigest >  
Technologies
 


FormsAuthentication.SignOut() does not reflect in LoginStatus and LoginName control in ASP.Net
Submitted By Satheesh Babu B
On 10/26/2008 10:57:52 PM
Tags: asp.net,CodeDigest  

FormsAuthentication.SignOut() Problem with LoginStatus and LoginName control in ASP.Net

 

 Suppose, if we have password reset feature in our ASP.Net site then the user should be forced to logged out once he chooses the new password, clicked save. He should be asked to login again and verify the new password.

When a user is already logged he can reach the form PasswordReset.aspx and he can choose the new password. When the user types in the new password and clicked save the user is made logged off by calling SignOut() method of FormsAuthentication object. Refer the code below,

 

int res = userDAO.ResetPassword(User.Identity.Name, txtOldPassword.Text, txtConfirmPassword.Text);

lblMessage.Text = SUCCESSMSG;

FormsAuthentication.SignOut();

 

The actual problem is here. After the password reset is successful the above code will log out the user as planned. But the LoginStatus and LoginName controls on the page will still show the status of the user as logged in.

 

 

When the form is refreshed or for the subsequent server trip the status of the user that is displayed on the form will be successfully changed to logged out.  The cause for this problem is even after the FormsAuthentication.SignOut(); line execution the context information of the current request will still hold the logged in user information i.e. On executing the line Context.User.Identity.Name after the signout code will still give the logged in user information and thus LoginStatus control didn’t reflect the logout change. From the next request Context.User.Identity.Name will have no value in it which will make the login control to behave correctly.

 

The work around for the above problem will be making the User attribute of Context object to null.

The final code is,

 

int res = userDAO.ResetPassword(User.Identity.Name, txtOldPassword.Text, txtConfirmPassword.Text);

lblMessage.Text = SUCCESSMSG;

FormsAuthentication.SignOut();

Context.User = null;

 

The other way of solving this problem is by redirecting the user to the login page after changing the password. But you need to have some logic to notify the user that password is successfully changed.

 

 

Recent Codes
  • View All Codes..