Databases
StackOverflow2013
Postsdbo
POWhy doesn't WebSecurity.Logout *immediately* update IPrincipal.User to null user
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POWhy doesn't WebSecurity.Logout *immediately* update IPrincipal.User to null user
    text
    copied!<p><em>First of all it's important to note that in my application if you log out your session is still valid and you don't just get redirected back to a login page, but stay on the same page.</em></p> <p>With that said - whichever of these two ways I use to sign out in an MVC application </p> <pre><code>FormsAuthentication.SignOut() WebSecurity.Logout() </code></pre> <p>the effect is the same and neither of the following properties changes to reflect the logout if I immediately access them :</p> <pre><code>User.Identity.Name Thread.CurrentPrincipal.Identity </code></pre> <p>Now - If I do a Redirect, or just reload the page then obviously these properties are updated to a null user. They just don't immediately meaning that <code>User.Identity.Name</code> represents a user that just logged out.</p> <p>This is a problem because I want to generate text of the form <code>You are logged in as XXX</code> after login/logout - and this may be in an AJAX situation where a redirect isn't possible.</p> <p>I'm curious if there's any way to trigger the <code>IPrincipal</code> to reset itself after a logout (or login).</p> <p>I assume people normally just <code>Redirect()</code> after a <code>Logout()</code> call so this is never an issue, but in an AJAX situation this is not always practical.</p> <p>My current solution is to abstract the Identity in my own wrapper, and so once I'm logged out I can just update that. I'm just a little concerned that this could have some obscure side effects especially if somebody accesses <code>IPrincipal</code> directly adn not through the wrapper.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload