MVC 5 Signout Fails

Recently I came across a problem in the LogOff method that is generated with a new MVC 5 solution.


The problem was:

  • User1 logs in and the Login method is called in the Account controller.
  • User1 logs off, the LogOff method is called in the Account controller, and the following code is executed:
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        AuthenticationManager.SignOut();
        return RedirectToAction("Login", "Account");
    }
    
  • User2 logs in and the Login method is called in the Account controller. After this, User1 is logged in instead of User2.

It seems this is a known issue where the explicit sign-in is preferred over a generic sign-out with no parameters. The solution is to change the call to SignOut and pass the AuthenticationType of the cookie, which overrides the explicit sign-in.

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie, DefaultAuthenticationTypes.ExternalCookie);
    return RedirectToAction("Login", "Account");
}
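
To find other call sites with the same problem, the check below scans C# source for SignOut calls that pass no authentication type. It is an added example, not code from the original post: the name find_bare_signout and the sample source are constructed for illustration, and the scan is a textual heuristic, not a C# parser.

```python
import re

# A member call to SignOut with an empty argument list (whitespace/newlines allowed).
_BARE_SIGNOUT = re.compile(r"\.\s*SignOut\s*\(\s*\)")
# C# strings, char literals and comments, so their contents can be masked out.
_TOKEN = re.compile(
    r'@"(?:""|[^"])*"'           # verbatim string
    r'|"(?:\\.|[^"\\\n])*"'      # regular string
    r"|'(?:\\.|[^'\\\n])+'"      # char literal
    r"|//[^\n]*"                 # line comment
    r"|/\*.*?\*/",               # block comment
    re.DOTALL,
)

def _mask(source):
    """Blank comments and literal contents, keeping length and line breaks."""
    def repl(m):
        text = m.group(0)
        blank = re.sub(r"[^\n]", " ", text)
        if text.startswith("/"):
            return blank                      # comment: remove entirely
        return '"' + blank[1:-1] + '"'        # literal: keep it as an argument
    return _TOKEN.sub(repl, source)

def find_bare_signout(source):
    """Return [(line_number, source_line)] for each SignOut() with no arguments."""
    cleaned = _mask(source)
    lines = source.splitlines()
    hits = []
    for m in _BARE_SIGNOUT.finditer(cleaned):
        line_no = cleaned.count("\n", 0, m.start()) + 1
        hits.append((line_no, lines[line_no - 1].strip()))
    return hits

# Constructed sample: the post's two LogOff variants plus a multi-line call.
SAMPLE = '''\
public ActionResult LogOff()
{
    AuthenticationManager.SignOut();
    return RedirectToAction("Login", "Account");
}
public ActionResult LogOffFixed()
{
    // AuthenticationManager.SignOut();  old call, kept as a comment
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie, DefaultAuthenticationTypes.ExternalCookie);
    Log("called .SignOut() here");
    return RedirectToAction("Login", "Account");
}
void Helper()
{
    HttpContext.GetOwinContext().Authentication.SignOut(
    );
}
'''

if __name__ == "__main__":
    for line_no, text in find_bare_signout(SAMPLE):
        print(f"line {line_no}: {text}")
```

Calls that name the cookie types, commented-out calls and matches inside string literals are not reported; only the two parameterless calls in the sample are.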