Hello guys,

as hinted by the header I need some possible help and/or input regarding FormsAuthentication.SignOut(). I have a custom log out button that works fine when using Chrome/FF, but when the customer is using IE11 it doesn't sign out the user.

However: the user gets signed out of EPiServer, but when I check user roles manually (after SignOut() ofc), Roles.IsUserInRole([some groups]) still returns TRUE, and then the code logic fails since it should be returning FALSE (obviously).

Is there an IE quick fix for this? Clearing of certain cookies or whatnot? Or something I've missed?


May 16, 2016 14:24


Should do it...don't forget the redirect...

I think I once looped through cookies collection before redirect and set an earlier expires date.

Edited, May 16, 2016 14:55

Thanks Daniel,

thanks for the reply. Will try it asap. However, must the redirect be done against that specific URL? The user does not in my case wish to return to preset login screen.

BR
Patrik

May 17, 2016 7:28

Nah...doesn't matter where on site you send them. Just need to redirect to be sure that everything is reset for current user. 

May 17, 2016 8:42

Daniel, when I run the code the Session (or HttpContext.Current.Session) object is null. I'm running MVC obviously - any ideas on how to tackle that?

May 17, 2016 9:27

Also, I've tried adding the following to web.config:

    <modules runAllManagedModulesForAllRequests="true">
      <remove name="Session"/>
      <add name="Session" type="System.Web.SessionState.SessionStateModule"/>
    </modules>

Edited, May 17, 2016 9:29

Skip the session abandon if you aren't using session...

May 17, 2016 9:47

Hi Daniel,

I'm trying to understand something similar.... 

My logout action looks like this:

        public virtual ActionResult Logout(string returnUrl)
        {
            // Log out user:

            // Get anonymous logged-out user ID:
            var anonymousUserId = PrincipalInfo.CurrentPrincipal.GetContactId();   // doesn't work, still returns logged-in user ID

            // do some stuff.... etc.

            return Redirect(returnUrl);
        }

As you can see, I want to get a new anonymous user ID from PrincipalInfo.CurrentPrincipal.GetContactId() after logging the user out.  Is that possible?  It seems like my call to PrincipalInfo.CurrentPrincipal.GetContactId() still returns the logged-in ID.  Your comments above seem to indicate that I must redirect to another action first.  Is that right?


 - Ken

Aug 16, 2016 21:39

Yes. If you don't redirect you will get some strange things like that. The current request still has authentication cookies etc. Redirecting will clear everything...

Aug 17, 2016 8:14
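
The behaviour discussed in this thread, as an added example that is not code from any poster or from EPiServer: `FormsAuthentication.SignOut()` only changes the response, so the request that performs the logout stays authenticated until the browser comes back without the ticket. The sketch assumes ASP.NET MVC 5 on System.Web with cookie-based forms authentication; the controller name and the `~/` fallback are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller name; only the Logout action matters here.
public class AccountController : Controller
{
    public ActionResult Logout(string returnUrl)
    {
        // Removes the forms-authentication ticket from the *response*.
        // The principal already attached to this request is not touched.
        FormsAuthentication.SignOut();

        // Overwrite the ticket cookie with an empty, expired one that uses
        // the same name, path and domain, so the browser discards it.
        var expired = new HttpCookie(FormsAuthentication.FormsCookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL
        };
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            expired.Domain = FormsAuthentication.CookieDomain;
        Response.Cookies.Add(expired);

        // If the role manager caches roles in a cookie (cacheRolesInCookie),
        // drop that cookie as well. DeleteCookie requires the role manager.
        if (Roles.Enabled)
            Roles.DeleteCookie();

        // Session is null when session state is disabled, so guard the call.
        if (Session != null)
            Session.Abandon();

        // Code that runs later in this same request and reads
        // HttpContext.User now sees an anonymous, unauthenticated user.
        HttpContext.User = new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);

        // returnUrl is caller-supplied: follow it only when it is local.
        if (!Url.IsLocalUrl(returnUrl))
            returnUrl = "~/"; // assumed fallback
        return Redirect(returnUrl);
    }
}
```

Anything that must observe the logged-out state as the framework builds it (rather than the manually reset principal) belongs in the request that follows the redirect.
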

is it cookieless?

    if (FormsAuthentication.CookieMode != HttpCookieMode.UseCookies)
        Response.Redirect(loginurl, false);
    Response.Redirect(loginurl, false);

Aug 17, 2016 10:31

@ K Khan -

We're using FormsAuthentication.CookieMode == HttpCookieMode.UseDeviceProfile - meaning it might/or might not use cookies depending on the browser settings.

Hmmmm, what would be the "correct" way to capture the anonymous user ID after every logout? 

We cannot predict where our logout action redirects to because it redirects to "whatever page the user was viewing when they clicked logout" (so that could be ANY page).

Is there some event, or something, that I can tap into to reliably get that anonymous ID after a logout?

Aug 17, 2016 15:43


Aug 18, 2016 19:21

According to Microsoft: The SignOut method removes the forms-authentication ticket information from the cookie or the URL if CookiesSupported is false.

Jan 10, 2019 8:06