Forcibly logging out a user

andymcpherson · October 9, 2019, 10:44am

How does one forcibly log out a user?
Scenario: We sometimes need to lock an account. Locking an account in the back office prevents the user from logging in again, but if they are already logged in, they can still access the website.

Litium version: 6.3.7

NilsN · October 10, 2019, 7:50am

I don’t think you can affect a session from outside, but you could write an ActionFilterAttribute that checks if the current user is locked out and then log it out. By adding it to the LitiumController it will be checked for each request.

Something like:

public class RevokeLoginFilterAttribute : ActionFilterAttribute
{
	public override void OnActionExecuting(ActionExecutingContext filterContext)
	{
		if (!SecurityToken.CurrentSecurityToken.IsAnonymousUser)
		{
			var person = SecurityToken.CurrentSecurityToken.Person;

			if (person.LoginCredential.LockoutEnabled
				&& person.LoginCredential.LockoutEndDate > DateTimeOffset.UtcNow)
			{
				IoC.Resolve<AuthenticationService>().SignOut();
			}
		}

		base.OnActionExecuting(filterContext);
	}
}

andymcpherson · October 11, 2019, 1:50pm

Yeah I figured as much. Thanks!

system · November 8, 2019, 1:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Set logout time or stay logged in? Questions litium-5	1	275	July 8, 2022
How do I check when a customers last login was Questions litium-6 , accelerator	7	596	April 7, 2020
Verify current password without logging in Questions litium-8	1	283	April 5, 2022
Save logged in user in a persistent cookie Questions litium-6 , accelerator	3	575	April 8, 2020
Login an account without password Questions	4	899	July 19, 2018

Forcibly logging out a user

Related Topics