Compartir a través de

.NET Passport Sign-Out Problems

  • Artículo

.NET Passport Sign-Out Problems

If users are having difficulty signing out of your site with their Microsoft® .NET Passport, find the description that most closely matches the problem you are experiencing for a list of details to check. If you still have not solved your problem, see Advanced Troubleshooting.

Users sharing a computer with a .NET Passport user have the sign-out button displayed on my site without even signing in.

Your site is most likely failing to delete your site's .NET Passport cookies when the user signs out. Another possibility is that one of the .NET Passport users has the Remember My Password option enabled, and the subsequent sign-ins still satisfy your site's time-window requirements.

My site's .NET Passport cookies are not being deleted when a user signs out.

  • Make sure that your Site ID value is set correctly in the Passport Manager Administration utility. If the value is set to 1, your site is in test mode. While Passport Manager is in test mode, Microsoft .NET Passport cookies remain on the users' browser until the browser is closed, and a sign-out check-mark image will not be displayed on the .NET Passport server logout page. Complete the registration process and edit the Site ID value to reflect your site's Site ID. Passport Manager does not and cannot delete cookies while Site ID is set to 1.
  • Does the path and file name of your cookie-delete page match the Expire Cookie URL that you provided when you registered your site? Does it match the domain and path that the cookies are being written to, as specified in the Passport Manager Administration utility?
  • Does your site use multiple servers with Passport Manager installations? Are all of these servers writing the cookies to the same domain and path? Are all possible copies of your cookie-delete page in agreement?
  • Open your cookie-delete page directly with a browser, making sure that the browser session has established .NET Passport cookies in your site. Does it return a check-mark image like it should? If not, there may be underlying Active Server Pages (ASP) errors. Your cookie-delete page should always return an image of some sort, even if you are using more sophisticated code that can detect deletion failures. Your site's cookie-delete page is loaded as an image, not as a file include, when it is called by the .NET Passport network.
  • Does your cookie-delete page specify its output response file type as an image? Some Microsoft® Internet Explorer browsers (depending on security patches) will not load any URL called as an <IMG> unless the MIME type returned through that URL really specifies an image as content type. For more information, see Implementing Sign-Out and Deleting Cookies.
  • Is your site's cookie-delete page accessible with the Expire Cookie URL that you provided when you registered?
  • It is strongly recommended that your cookie-delete page be served from your Web site root, to make sure that it has permissions to delete any possible paths where .NET Passport cookies have been written. Otherwise, your cookie-delete page may not have rights to delete all necessary cookies, as determined by the cookie access rules enforced by client browsers. Set and then delete some of your own cookies in various paths to test this.
  • The cookie domain field should be preceded with a dot (".") if you share .NET Passport cookies with multiple sites in a larger secondary domain. Some earlier versions of Netscape browsers will not delete cookies from a root without a leading "." specified in the .domain of the cookie when writing headers to delete cookies. For example, "msn.com" may not work in this case, but ".msn.com" will.
  • Is this problem isolated to Microsoft Internet Explorer 6 browser users? If so, your cookie-delete page may not be setting a P3P mini-header, which is required for cookie deletion on that browser. This is due to the implementation of Platform for Privacy Preferences (P3P) code in that browser and its effect on certain cookie-delete scenarios. For more information about P3P, Internet Explorer 6, and the specific mini-header requirements, see .NET Passport and P3P.
  • Also check the browser preferences on the browser being used for testing. Internet Explorer 6, as well as other browsers, permit certain non-default security zone or advanced settings that prevent cookie read or write operations. Allowing for cookie sets, writes, and deletes is a requirement for any browser user when using .NET Passport services.

My pages always show the sign-out logo (from LogoTag2) after a user attempts to sign out.

  • Make sure that you are expiring pages and content on either a site-wide or a page-by-page basis.
  • If the user browser is behind a proxy, there is some chance that bad proxy settings are returning cached content when they should not.
  • If you sign in to your site, then manually type in the Expire Cookie URL that you have registered with .NET Passport, do you find yourself signed out upon return to your site?
  • Are you deleting all the cookies that could exist?

An "X" appears next to my site's name on the sign-out page when a user signs out of my site.

  • Does your cookie-delete page actually return an image? Does it attempt to send any content other than the image to the client browser? Is the content type in the header being set to something other than "image/gif" or "image/jpeg"? Your cookie-delete page should always return an image of some sort unless there is some reason why the cookie-delete operation has failed or should fail. Your cookie-delete page is called as an image source (not as a file include) when it is integrated into the .NET Passport network-wide sign-out page that is actually connected to when a user clicks the Sign Out link. This page deletes cookies as served by all .NET Passport participating sites that were signed in to during that session.

My site is in test mode. How do I test the .NET Passport sign-in/sign-out process?

If your site is in test mode and a user has chosen to save his or her .NET Passport password, the .NET Passport cookies written in the test site's domain will not be deleted at all and a sign-out check-mark image will not be displayed on the .NET Passport server logout page.

When testing browser behavior with a test site installation, you may occasionally need to quit the browser to reproduce a new .NET Passport sign-in.

Cookies are not deleted for my site if a .NET Passport user closes the browser window.

If cookies are not deleted when a .NET Passport user closes the browser window, check the following:

  • Does the user have more than one window open to your site, or does the site create multiple window instances when users view it? Some earlier versions of Internet Explorer consider a browser "session" to be open as long as any browser window is open. Also, certain factors will cause new browser windows to launch out of the same process as an already open process, and as part of propagating the session, various cookies or permissions may be propagated from the parent to the child. Because of this, the session can still be "live" after one or more browser windows have been closed, even if the remaining windows no longer are viewing a .NET Passport site.
  • If the user has selected the "Remember my Password" or "Keep Me Signed In" option, the domain-authority cookies become persistent cookies saved on the browser. Depending on your implementation, a saved password may mean that the cookies can be refreshed silently when the user returns to your site.

See Also

Test Mode | Passport Manager Administration Utility