Logout/Logoff in IE Not Working

Feb 5, 2011 at 5:01 PM

I have the same problem in 1.6 and 2.0... logout/logoff does not work in IE.  Works fine in FF.

Feb 5, 2011 at 10:40 PM

what theme are you using?  does IE show any JavaScript errors?

Feb 5, 2011 at 10:56 PM

Thanks for the reply...

I have my own theme, but I have tested this with "standard" and "indigo" as well… BE 1.6 and 2.0.

No JS errors.

I can debug and see it hit /Account/login.aspx?logoff and fire FormsAuthentication.SignOut(). But, BE/IE still thinks it’s logged in.

Feb 5, 2011 at 11:13 PM

do you have any additional extensions, not out of the box, installed or other items installed that count on Jquery?  I am not sure that it is related but I had an issue when I started using a lightbox extension that used jquery.

Hopefully someone with more knowledge will pipe in shortly.

Feb 5, 2011 at 11:37 PM

Thanks guynethery... I know what you mean, I've seen some unexpected things with IE and jQuery. 

I don’t have any add-ons, just building the release source for BE But, I see the same behavior on my production site with BE 1.6.

I'm debugging the solution in VS and stepping through the server code, so I can see it hit FormsAuthentication.SignOut().

I’ve seen a few generic references to this kind of problem with forms authentication and IE... but I was hoping that someone else had experienced the same problem with BE and has a solution.

Feb 6, 2011 at 9:19 PM

I have also faced strange logout behavior while trying to implement private post / private page.
In the few words, I wanted that some posts / pages are hidden from unauthenticated users and used Identity.isAuthenticated for checking .
Debugging isAuthenticated indicated returned true, although FormsAuthentication.SignOut() was called line before ???,

Please Google  ".net forms signout isAuthenticated" for more details.
This behavior is not BE related and in my experience it is not IE specific ( as I do not use IE ). 
It seems that .NET SignOut method closes a session, but does not delete a cookie and browsers in such case cache the state.  

Suggested solution is to expire cookie after FormsAuthentication.SignOut();

Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddYears(-1);

Personally, I did not have  success with cookie expiration code, probably because I did not have time to analyze BE cookies.