locked
How to implement logout on all device RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User264732274 posted

    i got a two line. one is http://stackoverflow.com/a/27288275/728750

    the above link is saying

    It is possible , Facebook,G mail are done that , But it is not simple

Use a flag in the database that checks users on Session_Start that invalidates their session 
    if that flag is set. May not necessarily use a boolean, you can use a DateTime value and 
    invalidate all sessions that started prior to that time. This could be done by checking a value stored in a cookie upon login

    what they trying to say not clear.

    how to implement this "you can use a DateTime value and invalidate all sessions that started prior to that time." ?

    how to know when user session was started ?

    i got a another good link http://stackoverflow.com/a/5492396/728750

    this line is not clear

    authCookie.Expires < logoutTime.Value

    how the above line would work. suppose i login to web site now and today date is 01/01/16 and login expire date is 07/01/16 and i force logout on 02/01/16 then how this expiry date 07/01/16 would be less than force logout date 02/01/16. this area is not clear. anyone can help me to implement this. thanks

    Thursday, April 7, 2016 3:01 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-646145796 posted

    Hi,

    I think the second link you shared is helpful. We can create a customer httpmodule to do this.

    authCookie.Expires < logoutTime.Value this line is not clear

    This means if the logout time beyond the expire time, force the user log out. In your workaround, I think you need to change the logic, like force user logout in a special date or the date less than the expire date. You can even force all user logout via delete cookies and then redirect to the login page via the code Brett provide.

     authCookie.Expires = DateTime.Now.AddDays(-1);
            context.Response.Cookies.Add(authCookie);
            context.Response.Redirect(FormsAuthentication.LoginUrl);
            context.Response.End();

    Regards

    Monday, April 11, 2016 8:11 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User264732274 posted

    if u see the second link and suppose if auth cookie expire is 30 days then that code does not work. so i need a generic code which work in any situation. what is your suggestion. thanks

    Monday, April 11, 2016 9:42 AM