Here’s one of those posts I hope someone finds a-googling in search of the stupid little solution that has eluded them for hours. If you’re implementing your own signout button in an ASP.NET site (as opposed to using the built-in LoginStatus control), be sure to follow this pattern:

Session.Abandon();
FormsAuthentication.SignOut();
Response.Redirect(…);

You MUST do that redirect immediately after the SignOut() call. I had some other database calls, unrelated to any ASP.NET framework web stuff, between the two and a subsequent call to Request.IsAuthenticated() in my Global.asax was returning true. Taking out those intervening calls made Request.IsAuthenticated() return false. So any other custom operations you need to happen on signout must happen before the above code.

Comments(0) - Join the Conversation

Andrew Crowe Categories: Technology