4
My scenario is this::
After authentication with Active Directory, the user who logged in is saved to a Session
[HttpPost]
public ActionResult Login(LoginModel model, string returnUrl)
{
if (!this.ModelState.IsValid)
return View(model);
if (Membership.ValidateUser(model.Usuario, model.Senha))
{
Session.Add("Usuario", new UsuarioModel { Nome = "Eu", Login = "Filipe"});
FormsAuthentication.SetAuthCookie(model.Usuario, false);
if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return this.Redirect(returnUrl);
}
return this.RedirectToAction("Index", "Home");
}
this.ModelState.AddModelError(string.Empty, "O usuário ou a senha são inválidos");
return View(model);
}
After that I make some changes to the code and run the application again, but Session does not remain there and the application considers that the user is still logged in.
How can I clean up this thing that makes the user still seem to be online?
But it’s to keep the login in session and application or to force new login because changes were made to the code?
– Zuul
@Zuul, force the new login because of the changes. But keeping the login in the session would also be a good thing, you have example of this?
– Filipe Oliveira