My scenario is as follows:
After authentication with Active Directory, the logged-in user is saved in a Session
[HttpPost]
public ActionResult Login(LoginModel model, string returnUrl)
{
if (!this.ModelState.IsValid)
return View(model);
if (Membership.ValidateUser(model.Usuario, model.Senha))
{
Session.Add("Usuario", new UsuarioModel { Nome = "Eu", Login = "Filipe"});
FormsAuthentication.SetAuthCookie(model.Usuario, false);
if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\"))
{
return this.Redirect(returnUrl);
}
return this.RedirectToAction("Index", "Home");
}
this.ModelState.AddModelError(string.Empty, "O usuário ou a senha são inválidos");
return View(model);
}
After that I make some changes to the code and run the application again, but the Session does not stay there and the application thinks the user is still logged in.
How can I clean up this thing that makes the user still look online?