FormsAuthentication.SignOut() doesnot reflect in LoginStatus and LoginName
I was implementing password reset feature on my site
http://www.codedigest.com/. When a user is already logged in he can reach the form PasswordReset.aspx and he can choose the new password. When the user types in the new password and clicked save I thought logging out the user so that he can use his new password to login and verifying the same.
Below is the code I used to do it.
int res = userDAO.ResetPassword(User.Identity.Name, txtOldPassword.Text, txtConfirmPassword.Text);
lblMessage.Text = SUCCESSMSG;
FormsAuthentication.SignOut();Also, I had a LoginStatus and LoginName Control on the Master page that shows login status of the user. I got the actual problem here. After the password reset is successful the above code logged out the user as planned. But the LoginStatus and LoginName control still shows the status as logged in as seen in below figure.
But when the form is refreshed or after the next server trip the status is successfully showing as logged out. I found out the actual problem after a bit analysis and googling. The problem is even after the FormsAuthentication.SignOut(); line execution the context information of the current request still has the logged in user information i.e. On executing the line Context.User.Identity.Name after the signout code still gives the logged in user information and thus LoginStatus control didn’t reflect the logout change. From the next request Context.User.Identity.Name has no value in it which made the login control to behave correctly.
So, I made the user information in the context object of the current request to null after which the Login control behaved correctly.
The final code is,
int res = userDAO.ResetPassword(User.Identity.Name, txtOldPassword.Text, txtConfirmPassword.Text);
lblMessage.Text = SUCCESSMSG;
FormsAuthentication.SignOut();
Context.User = null;
Hope this tip will help someone.
Regards,
Satheesh
www.codedigest.com
www.satheeshbabu.com