You must Sign In to post a response.
  • Category: ASP.Net MVC

    Unknown Redirect to Login

    I have created a web application in MVC. My issue is described below.

    A user logout from the application and tries to access a page which can be accessed only by a logged in user. Then application will be redirected to login page as it requires.

    Now , the same user logs in and access the same page . but he will not get the page. he will be redirected to login page. If we clears cookies, he can access that page.

    Please help.
  • #768409
    I am using MVC 5.

  • #768410
    Hi,

    I guess you are telling that when the registered user login again he was able to access the page without login?
    After you clear the session manually he was not able to login?

    In MVC, redirect to the Login page was simple task which we can carry out this is Global.asax or any simple XAML file.

    If you are performing the login validation from Database like checking the user really exists and the password what the user provide are valid then you will allow the user inside the website or redirect others to the login page.

    For already logged in user, who have been logged out and when he again try to access the controller page without cache clearing manually, the user can directly login without validation.
    To Overcome that, we can clear the cache programmatically when the user clicks on the logout button.


    public ActionResult LogOut()
    {
    Session.Clear();
    FormsAuthentication.SignOut();
    Redirect("../YourApplication/Home/LogOut");
    }



    Their is also another case where user directly close the browser. This time out Logout functionality cannot be called. So for that we can use the below code.


    window.addEventListener('unload', function(event) {
    document.cookie = name + '=; expires=Thu, 04 Jun 2016 00:00:01 GMT;';
    });



    So during unload event the cookies will get cleared.

    Thanks,
    Mani

  • #768412
    Thanks for your answer Mani. I will explain a little more about my problem.

    Suppose we have a controller department. A user for eg: admin comes and login to our application. He can access the department page. Now he clicks logout button and we are clearing all session. Then if he types the url to access department page he will not get it . he will be redirected to login page.

    But my problem is he will not be able to access the department page even if he login again.

    I am not using formsauthentication. I haven't added any cookies also.

  • #768413
    Hi,

    Kindly let me know if I understand correct.

    When first time admin logs in, He can able to see the All pages including Department page.
    When same admin user comes again after clearing Caches he is not able to view the department page?
    Is that right?

    If so, this is implementation problem.
    How you are identifying the user whether is admin or not?
    When second time same admin logins did you put a debug point and check whether is he really picking up as admin?

    Thanks,
    Mani

  • #768415
    Sorry Mani. you misunderstood my problem. Leave admin user.

    Suppose mani logged into our application and accessed all pages.then you signed out. After signing out you tried to access the department page.Then you will be redirected to the login page since nobody is logged in as it is.

    Now you are logging in again successfully and trying to access department page. But you will be redirected to login page even if you are logged in. you will get the department page only after clearing cookies .

  • #768429
    Hi,
    You can register AuthorizeAttribute as a global filter, and then use the AllowAnonymous attribute to selectively allow actions to be accessed. It is the proper way to secure controllers and actions.
    Please find code snippet for MVC-5 over here:
    http://stackoverflow.com/questions/36390027/cant-redirect-to-orignal-page-after-successful-login


Sign In to post your comments