0

I have a session expiring method that logs out a user after 20 mins using a countdown from a cookie. It works fine as the user does successfully get logged out. The only issue is the URL after appears as

localhost:8091/Login?ReturnUrl=%2FLogin%2FLogOut

when it shouldn't have anything after /Login. I am using C# and ASP.NET 4 with MVC.

This is the JS used to redirect the user...

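    // countDown and countDownInterval are assumed to be declared in the enclosing scope.
    function startCountdown(timeLeft) {
        if (countDownInterval > 0) return;

        // Set the counter before displaying it so the first value shown is correct.
        countDown = parseInt(timeLeft / 1000, 10);
        $('#idletimeoutcount').text(countDown);
        $('#idletimeout').slideDown();

        countDownInterval = setInterval(function() {
            $('#idletimeoutcount').text(countDown);
            var secondsLeft = countDown--;
            document.title = "Warning! " + secondsLeft + " seconds left until logged out";

            if (countDown <= 0) {
                // console.log('finished');
                // Stop ticking so the redirect is issued only once.
                clearInterval(countDownInterval);
                window.location.href = '/Login/LogOut';
            }
        }, 1000);
    }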

And the LogOut function:

    public ActionResult LogOut()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Login");
    }

Is there any way to make it so the url is localhost:8091/Login ? (HTTP taken out because of stack overflow)

It might be something to do with the web config which contains these tags:

    <authentication mode="Forms">
      <forms name="SqlAuthCookie" loginUrl="Login" timeout="20" slidingExpiration="true" />
    </authentication>
tereško
h.d06
  • What happens when a fresh user hits localhost:8091/Login ? Does it automatically add the ReturnUrl? – Bo TX Dec 11 '13 at 15:30
  • It is strange, if I run window.location.href = '/Login/LogOut'; in the console on Chrome it comes out with localhost:8091/Login. But when I wait 20 mins for the timeout it comes as localhost:8091/Login?ReturnUrl=%2FLogin%2FLogOut . Either way you get returned to the log in page but if this url appears and you try to log back in you have to click log in twice as the url goes back to /Login after first click. – h.d06 Dec 11 '13 at 15:37
  • Not sure if this will help, but you may try changing: loginUrl="Login" to loginUrl="/Login" – Bo TX Dec 11 '13 at 15:50
  • I tested this out. It still didn't work. :( – h.d06 Dec 11 '13 at 16:47

3 Answers

0

You cannot remove the ReturnUrl parameter from the URL; it is the way forms authentication works. Check this post: How to remove returnurl from url?

In WebForms I used this code to perform the sign-out mechanism:

    FormsAuthentication.SignOut();
    Session.Abandon();
    FormsAuthentication.RedirectToLoginPage();

Community
Cesar Loachamin
0

FormsAuthentication is built to handle the expiration of the login. Why not let it? You already have the parameter set:

    timeout="20"

Have your JavaScript just redirect to the login page once the time expires.

Bo TX
  • I did try that. Sadly it didn't let me log out and as I have it so that if you are logged in and are trying to access the login page you will get redirected to the homepage (which you can only access if logged in). The LogOut function in my controller is what makes sure the user is no longer logged in, which is why I have linked it. – h.d06 Dec 11 '13 at 15:59
0

The best solution I came across to resolve the bug is stripping the return URL out by doing the following:

    if (!string.IsNullOrEmpty(Request.QueryString["returnUrl"]))
    {
        return RedirectToAction("Index", "Login");
    }

This checks if there is a returnURL added and if so it will direct you to the login page. It is bitter-sweet as it solves my bug but now the user does not get the experience of being able to go back to the page they were on before their session expired.

h.d06
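
An added example, not part of any answer above: instead of discarding every ReturnUrl, the login action can keep it only when it is a local path and is not the login or logout action itself, which preserves the return-to-page experience and keeps the parameter from redirecting to another site. `ReturnUrlPolicy`, `IsLocal`, `Resolve` and the `/Home` fallback are hypothetical names; the blocked paths are the ones from the question.

```csharp
using System;

// Added example: not the poster's code. ReturnUrlPolicy and its members are hypothetical names.
public static class ReturnUrlPolicy
{
    // Paths that must never be used as a post-login destination (taken from the question).
    private static readonly string[] Blocked = { "/Login", "/Login/LogOut" };

    // Simplified local-URL test: one leading '/', no scheme, no "//" or "/\" host tricks.
    // Inside an MVC controller, Url.IsLocalUrl(returnUrl) is the framework's own check.
    public static bool IsLocal(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
            if (char.IsControl(c)) return false;
        return true;
    }

    // Returns the path to redirect to after login, or fallback when returnUrl is unusable.
    public static string Resolve(string returnUrl, string fallback)
    {
        if (!IsLocal(returnUrl)) return fallback;

        // Compare only the path, ignoring any query string or fragment.
        int cut = returnUrl.IndexOfAny(new[] { '?', '#' });
        string path = (cut >= 0 ? returnUrl.Substring(0, cut) : returnUrl).TrimEnd('/');
        foreach (string blocked in Blocked)
            if (string.Equals(path, blocked, StringComparison.OrdinalIgnoreCase)) return fallback;

        return returnUrl;
    }

    public static void Main()
    {
        // Constructed sample values, already URL-decoded as Request.QueryString supplies them.
        string[] samples = { "/Login/LogOut", "/Orders/Details/5", "//evil.example/x",
                             "http://evil.example/", "/\\evil.example", null };
        foreach (string s in samples)
            Console.WriteLine("{0,-24} -> {1}", s ?? "(none)", Resolve(s, "/Home"));
    }
}
```

Only `/Orders/Details/5` survives in the sample run; every other value resolves to the fallback.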