From 540bcc7950532fdd5f4d572628567e42c639a21e Mon Sep 17 00:00:00 2001
From: Kiran Challa
Date: Fri, 7 Aug 2015 10:45:13 -0700
Subject: [PATCH] Clear session on logoff
---
 src/MusicStore/Controllers/AccountController.cs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/MusicStore/Controllers/AccountController.cs b/src/MusicStore/Controllers/AccountController.cs
index b71c87f737..d58b8837cf 100644
--- a/src/MusicStore/Controllers/AccountController.cs
+++ b/src/MusicStore/Controllers/AccountController.cs
@@ -97,9 +97,9 @@ namespace MusicStore.Controllers
 return View(model);
 }

- // The following code protects for brute force attacks against the two factor codes.
- // If a user enters incorrect codes for a specified amount of time then the user account
- // will be locked out for a specified amount of time.
+ // The following code protects for brute force attacks against the two factor codes.
+ // If a user enters incorrect codes for a specified amount of time then the user account
+ // will be locked out for a specified amount of time.
 // You can configure the account lockout settings in IdentityConfig
 var result = await SignInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser);
 if (result.Succeeded)
@@ -437,6 +437,9 @@ namespace MusicStore.Controllers
 [ValidateAntiForgeryToken]
 public async Task LogOff()
 {
+ // clear all items from the cart
+ Context.Session.Clear();
+
 await SignInManager.SignOutAsync();

 // TODO: Currently SignInManager.SignOut does not sign out OpenIdc and does not have a way to pass in a specific
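Review bot: The added comment `// clear all items from the cart` in LogOff understates what `Context.Session.Clear()` does: the call removes every entry in the current session, not only cart data, and whether any cart rows stored outside the session are deleted is not visible from this hunk. I would word the comment by intent, for example `// Drop all per-user session state so nothing carries over to the next sign-in from this browser`. The visible code also does not expire the session cookie, so presumably the same session identifier stays in use after logoff; if cart records are keyed by a value held in the session they would be unlinked rather than removed, which is worth confirming. The body of LogOff continues past the end of the hunk.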