0

I have this website that I developed. It is acting weird. I logged onto it and now it seems that I can't logout of it. It has session which I don't know how it can still maintain after logging out and also in different browsers and even in incognito.

The weirdest thing is that if you open it in your browser you get same session state. You can't do anything with it. But it is jut there.

What is going on?

Go to this page, it shows some user logged in. click Add and it asks for credentials again. Like an endless loop.

http://krninstitute.com/krnitech/Forms

Then go to this page, it shows other user logged in. Go to the end of the page.

http://krninstitute.com/krnitech/Gallery

This question requires these external links.

But here are images just in case:

cookies in ingognito window without logging

enter image description here

enter image description here

Edit 1:

What is causing every request to end up with session cookie? I don't have any cache implemented. Does it have something to do with recent GoDaddy crash?

Edit 2:

Questions are 1. how can you see who is logged in on the application? I haven't implemented such functionality. And 2. how there are two people logged on from same browser window?

  • how does your loggoff ActionResult looks like – Rafay Sep 11 '12 at 06:35
  • standard membership logout. Everything is implemented with standard asp.net membership. It was working till now. 911? –  Sep 11 '12 at 06:39
  • turned out that other developer pushed dev code to public end server with output cache enabled. Solved. vote to close. –  Sep 11 '12 at 09:06

1 Answers1

0

Session and Authentication are two different things. When you use FormsAuthentication to login and logout, it does not change the session. You must abandon the session in addition to logging out to do that.

Session.Abandon();

Be aware that the session will still be there until the end of the request, so you should probably immediately redirect to a default page afterwards.

Erik Funkenbusch
  • 92,674
  • 28
  • 195
  • 291
  • I do. Just click on logout. you will be directed to home page and it appears that you have logged out. But, how two different actions in same app can have different value of user logged in and simultaneously appear all over the globe as logged in? –  Sep 11 '12 at 06:49
  • 1
    @AnubhavSaini - I repeat, sessions and authentication are two different features in asp.net. Just logging out does not clear the session, and clearing the session does not log you out. They use two different cookies and two different sets of features. – Erik Funkenbusch Sep 11 '12 at 06:59