I was first using the logout action that was automatically created by the Web Forms project in Visual Studio (I know Web Forms is outdated, but I need it for a legacy piece of code):

<asp:LoginStatus runat="server" LogoutAction="Redirect" LogoutText="Log out" LogoutPageUrl="~/" />

So I assume that what makes the user log out is the part LogoutAction="Redirect"

But in the tutorial I was looking at, the logout action would be done this way:

private void cmdLogout_Click(object sender, System.EventArgs e)
{
    FormsAuthentication.SignOut();
    Response.Redirect("~/", true);
}

Is there a difference between the two, or LogoutAction="Redirect" does the same as FormsAuthentication.SignOut()?

CodePudding user response：

LogoutAction in combination with LogoutPageUrl just tell the LoginStatus control how to do the redirect in case the user clicks the logout menu item.

The LoginStatus executes that same FormsAuthentication.SignOut(), followed by a redirect which happens according to the specified settings.

See the source code.

private void LogoutClicked(object Source, CommandEventArgs e) 
{        
    // ...

    FormsAuthentication.SignOut();
    
    switch (LogoutAction) {
        // ...
        
        case LogoutAction.Redirect:
            string url = LogoutPageUrl;
            if (!String.IsNullOrEmpty(url)) {
                url = ResolveClientUrl(url);
            }
            else {
                // Use FormsAuthentication.LoginUrl as a fallback
                url = FormsAuthentication.LoginUrl;
            }
            Page.Response.Redirect(url, false);
            break;
    }
}