Fix where the encrypted session id gets corrupted resulting in a loop and a 500

error

Explicitly cleared the session and authentication cookies
This commit is contained in:
robvde 2012-07-25 19:33:43 +04:00
parent ba1e53b8d2
commit 2a790f105d
2 changed files with 23 additions and 7 deletions

View file

@ -217,6 +217,23 @@ namespace WebsitePanel.Portal
public static void UserSignOut()
{
FormsAuthentication.SignOut();
if (HttpContext.Current.Session != null)
{
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
}
// Clear authentication cookie
HttpCookie rFormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "");
rFormsCookie.Expires = DateTime.Now.AddYears(-1);
HttpContext.Current.Response.Cookies.Add(rFormsCookie);
// Clear session cookie
HttpCookie rSessionCookie = new HttpCookie("ASP.NET_SessionId", "");
rSessionCookie.Expires = DateTime.Now.AddYears(-1);
HttpContext.Current.Response.Cookies.Add(rSessionCookie);
HttpContext.Current.Response.Redirect(LoginRedirectUrl);
}