SimpleMembershipProvider后WebSecurity.SignOut不破坏会议 [英] SimpleMembershipProvider doesn't destroy session after WebSecurity.SignOut
问题描述
我运行ASP.NET MVC 4与所有的默认成员code。在code代表的AccountController的注销等是:
I am running ASP.NET MVC 4 with all the default membership code. The code for AccountController's LogOff is:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
WebSecurity.Logout();
return RedirectToAction("Index", "Home");
}
我注意到,这code不破坏会议上,也就是说,如果我用一个帐户登录,保存的东西会话,然后注销,并在Web浏览器的同一个实例使用不同的帐户登录,我仍然可以看到previous用户的会话。
I noticed that this code does not destroy the session, meaning that if I sign in with one account, save something to the session, then logout and sign in with a different account in the same instance of the web browser, I can still see the session of the previous user.
不知道为什么发生这种情况。任何意见将大大AP preciated。谢谢你。
Not sure why this is happening. Any advice would be greatly appreciated. Thanks.
推荐答案
Session和身份认证会话是不一样的东西。
Session and Authentification session is not the same thing.
在这里,你破坏了用户的认证,但你没有重新启动ASP.NET会话。
Here you destroyed the authentication for the user, but you did restart the ASP.NET session.
在这里更多explanatition: http://stackoverflow.com/a/1306932/971693
More explanatition here : http://stackoverflow.com/a/1306932/971693
试着这样做:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
WebSecurity.Logout();
Session.Abandon();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
// clear session cookie (not necessary for your current problem but i would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
return RedirectToAction("Index", "Home");
}
这篇关于SimpleMembershipProvider后WebSecurity.SignOut不破坏会议的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!