

Terminating a User Session (Expiring a Token)

You may want to expire a token to make sure that it cannot be used by an attacker after the user logs out. You can use the approach described here to expire a user principal or a user identity.

Typical Goals

In this scenario, the goal is to make sure that the token corresponding to a user identity is expired.

Solution

Call the ExpireIdentity method on the security cache object. This expires the token corresponding to the specified identity.

Using ExpireIdentity

The following code shows how to use the ExpireIdentity method. It assumes that you have resolved the ISecurityCacheProvider type through the Enterprise Library container to obtain an instance of the security cache provider you want to use, and stored the reference in a variable named secCache.

Note

For more information on instantiating objects, see Creating and Referencing Enterprise Library Objects.

C#

// Cache the identity (as shown in a previous scenario).
IToken token = secCache.SaveIdentity(new GenericIdentity("Username"));

// Expire the cached identity corresponding to the token.
secCache.ExpireIdentity(token);

Visual Basic

' Cache the identity (as shown in a previous scenario).
Dim token As IToken = secCache.SaveIdentity(New GenericIdentity("Username"))

' Expire the cached identity corresponding to the token.
secCache.ExpireIdentity(token)

For information about resolving Enterprise Library objects in your applications, see Creating and Referencing Enterprise Library Objects.

Usage Notes

Alternatively, you can use the ExpirePrincipal or ExpireProfile methods to remove the principal (an object that implements the IPrincipal interface) or profile information (such as the ASP.NET Profile object) associated with a token from the cache.
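
The following logout helper is an added example, not code from the original page or from Enterprise Library. It expires the identity, principal and profile cached under one token and then confirms that the token no longer resolves. SessionTerminator and LogoutExample are hypothetical names, and the code assumes that the Get methods return null for an expired entry and that expiring an item that was never cached is harmless.

```csharp
using System;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;

// Hypothetical helper (not part of Enterprise Library): ends a session by
// expiring everything the security cache holds for one token.
public static class SessionTerminator
{
    // Returns true only if the token no longer resolves to any cached item.
    public static bool Terminate(ISecurityCacheProvider secCache, IToken token)
    {
        if (secCache == null) throw new ArgumentNullException("secCache");
        if (token == null) return true; // nothing was cached for this session

        // An identity, a principal and a profile can all be cached under the
        // same token, so expiring only the identity can leave the others usable.
        secCache.ExpireIdentity(token);
        secCache.ExpirePrincipal(token);
        secCache.ExpireProfile(token);

        // Assumption: each Get method returns null once its entry is expired.
        return secCache.GetIdentity(token) == null
            && secCache.GetPrincipal(token) == null
            && secCache.GetProfile(token) == null;
    }
}

public static class LogoutExample
{
    public static void Run(ISecurityCacheProvider secCache)
    {
        // Constructed sample data: one identity and one principal, same token.
        IIdentity identity = new GenericIdentity("Username");
        IToken token = secCache.SaveIdentity(identity);
        secCache.SavePrincipal(new GenericPrincipal(identity, new[] { "Users" }), token);

        // Treat a token that still resolves after logout as a hard failure.
        if (!SessionTerminator.Terminate(secCache, token))
        {
            throw new InvalidOperationException("Token still resolves after logout.");
        }
    }
}
```

Call Terminate from the application's sign-out path before discarding the client's copy of the token, so the server-side entry is gone even if the client keeps the token value.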