asp.net-mvc-3sessionsecuritysession-cookiessession-cache

ASP.NET MVC Web application, hosted with GoDaddy acting crazy with authentication


I have this website that I developed. It is acting weird. I logged onto it and now it seems that I can't logout of it. It has session which I don't know how it can still maintain after logging out and also in different browsers and even in incognito.

The weirdest thing is that if you open it in your browser you get same session state. You can't do anything with it. But it is jut there.

What is going on?

Go to this page, it shows some user logged in. click Add and it asks for credentials again. Like an endless loop.

http://krninstitute.com/krnitech/Forms

Then go to this page, it shows other user logged in. Go to the end of the page.

http://krninstitute.com/krnitech/Gallery

This question requires these external links.

But here are images just in case:

cookies in ingognito window without logging

enter image description here

enter image description here

Edit 1:

What is causing every request to end up with session cookie? I don't have any cache implemented. Does it have something to do with recent GoDaddy crash?

Edit 2:

Questions are 1. how can you see who is logged in on the application? I haven't implemented such functionality. And 2. how there are two people logged on from same browser window?


Solution

  • Session and Authentication are two different things. When you use FormsAuthentication to login and logout, it does not change the session. You must abandon the session in addition to logging out to do that.

    Session.Abandon();
    

    Be aware that the session will still be there until the end of the request, so you should probably immediately redirect to a default page afterwards.