How does one forcibly log out a user?
Scenario: We sometimes need to lock an account. Locking an account in the back office prevents the user from logging in again, but if they are already logged in, they can still access the website.
Litium version: 6.3.7
I don’t think you can affect a session from outside, but you could write an
ActionFilterAttribute that checks if the current user is locked out and then log it out. By adding it to the
LitiumController it will be checked for each request.
public class RevokeLoginFilterAttribute : ActionFilterAttribute
public override void OnActionExecuting(ActionExecutingContext filterContext)
var person = SecurityToken.CurrentSecurityToken.Person;
&& person.LoginCredential.LockoutEndDate > DateTimeOffset.UtcNow)
Yeah I figured as much. Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.