On my application a button is responsible for redirecting user to the login page, when it runs on the local server, every thing work fine and after calling Logout method, it make a null value cookie and put it on the response:
public ActionResult Logout()
{
HttpContext context = HttpContext.Current;
context.Session.Abandon();
HttpCookie authenticationCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authenticationCookie == null)
authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
authenticationCookie.Value = null;
authenticationCookie.Secure = true;
authenticationCookie.HttpOnly = true;
authenticationCookie.Expires = DateTime.Now.AddDays(-1);
context.Response.Cookies.Add(authenticationCookie);
return Redirect("~");
}
Now because cookie does not have value it redirects to the login page
In global.asx checks for authentication info
protected void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
SUser user = new SUser();
user.ValidateAuthentication(args);
}
And now it redirects to the login page
protected void Application_EndRequest(object sender, EventArgs e)
{
SUser.RedirectSsoAuthentication();
}
But when application is running on the remote server, Logout does not seem to be working and it just redirect to the root path
It might be from my side's codes that missed something?
You can also take look at my browser cookies
By the way, changing browser didn't make any difference
I'm not sure but it might be related to cookie per domain limit.
As you see, in response cookie has no value, but when you send request, cooke value is what it was before logout
There is no issue When it's tried on different browsers or different accounts!
Finally the problem disappeared when the code changed in the following way: