Log out, then log in with a different user ID in mvc 5

Question

If I log out of my web site and log back in, the HttpContext.Current.User is held over from the previous login. None of the following works:

    //
    // POST: /Account/LogOff
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();

        System.Web.HttpContext.Current.Application.Remove(System.Web.HttpContext.Current.User.Identity.Name);

        Session.Abandon();
        Session.Clear();

        AuthenticationManager.SignOut();

        FormsAuthentication.SignOut();

        foreach (var cookie in Request.Cookies.AllKeys)
        {
            Request.Cookies.Remove(cookie);
        }
        foreach (var cookie in Response.Cookies.AllKeys)
        {
            Response.Cookies.Remove(cookie);
        }

        FormsAuthentication.SignOut();

        Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddYears(-1);

        HttpContext.User = new GenericPrincipal(new GenericIdentity(string.Empty), null);

        return RedirectToAction("Login", "Account");
    }

Cheers

I've run into [similar problems](http://stackoverflow.com/questions/17346899/websecurity-logout-then-websecurity-isauthenticated-returns-true). It's not possible to change the logged in user after the request has landed at the server... This is why we redirect to another page, because when the next request comes in (with fresh cookies etc), that's when magic happens. — spender, Mar 21 '15 at 19:31

Justin Kofford · Answer 1 · 2015-03-24T01:59:55.597

0

I figured this out. There was a system variable that needed to be reset. What I was trying to do was a bit lazy and score a session variable to grab data for my store procedures:

public class MyWhey
{
    public static List<ef_GetMyWhey_Result> GetMyWhey()
    {
        string currentID = HttpContext.Current.GetOwinContext().Authentication.User.Identity.GetUserId();
        return _db.ef_GetMyWhey(currentUserID).ToList();
    }
}

The best way I've found so far is just pass it in from the controller. This is a pain, but it works for me very consistently. So instead, bring it in from your controller:

using Microsoft.AspNet.Identity;

namespace Whey.Controllers
{
    public class MyWheyController : Controller
    {
        public ActionResult Index()
        {
            WheyPageModel wheyModel = PopulateWheyPageModel.PopulateWheyPage(User.Identity.GetUserId()); // <-- This Fella

            return View(wheyModel);        
        }
    }
}

edited Mar 24 '15 at 01:59

answered Mar 21 '15 at 19:43

Justin Kofford

1
1

1

If you have solved your problem you can post your own answer. You shouldn't need someone to ask you the answer. – hellowahab Mar 21 '15 at 20:07
I want to know. Can you post the answer here please. – spender Mar 23 '15 at 14:51
Well, yeah, essentially, spender is correct. If you're having this problem is procedural. You just can't do what I was trying to do and so I just needed to refresh my own variables. I'll see if I can't update the answer to make it more clear. – Justin Kofford Mar 24 '15 at 01:06

Log out, then log in with a different user ID in mvc 5

1 Answers1