I disagree. There are times when you would want to know when a user logs out. For example I have an application that needs to scan all logged in users to see if there is "anyone home" at a management level. At times a manager might be surfing the site but not actually logged in. Their sessions might still be active because the manager would have recently logged out but is still surfing the site and the software needs to know that.
In this case I have made HttpRuntime.Cache logic to catch login events and data including user name and IP address, user name, etc. This method is called in:
public static void Application_AuthenticateRequest(object sender, EventArgs e)
I then use that data to perform logic calculating login status and other useful application details.
The following is quick and un-tested but if you are asking this sort of question I am sure you can clean it up :). I hope it helps.
public static void HandleUserLoginLogic()
{
string UserName = HttpContext.Current.User.Identity.Name.ToString();
if (UserName != null)
{
// if the user has logged in but we have not performed logic, do it now
if (HttpRuntime.Cache["Authenticated_" + UserName] == null)
{
// absolutely confirm the user has logged in
if (UsrMan.IsUserLoggedIn())
{
// SETUP MY RUNTIME VARIABLES NOW
HttpRuntime.Cache["AuthenticatedIPAddress_" + System.Web.HttpContext.Current.Request.UserHostAddress] = UserName;
HttpRuntime.Cache["Authenticated_" + UserName] = true;
String[] roles = UsrMan.GetRolesForUser(UserName);
// handle roles for this user for future application uses in the future.
foreach (string role in roles)
{
// handle first time condition
if (HttpRuntime.Cache["AuthenticatedUserInRole_" + role] != null)
{
StringCollection scUserRole = (StringCollection)HttpRuntime.Cache["AuthenticatedUserInRole_" + role];
if (!scUserRole.Contains(UserName))
{
scUserRole.Add(UserName);
HttpRuntime.Cache["AuthenticatedUserInRole_" + role] = scUserRole;
}
}
// handle standard condition
else
{
StringCollection scUserRole = new StringCollection();
scUserRole.Add(UserName);
HttpRuntime.Cache["AuthenticatedUserInRole_" + role] = scUserRole;
}
}
}
}
}
// HANDLE LOGGED OUT CONDITION
if ((HttpRuntime.Cache["AuthenticatedIPAddress_" + System.Web.HttpContext.Current.Request.UserHostAddress] != null) && (UserName == null))
{
string OldUserName = HttpRuntime.Cache["AuthenticatedIPAddress_" + System.Web.HttpContext.Current.Request.UserHostAddress].ToString();
HttpRuntime.Cache["Authenticated_" + OldUserName] = null;
String[] roles = UsrMan.GetRolesForUser(UserName);
foreach (string role in roles)
{
StringCollection scUserRole = (StringCollection)HttpRuntime.Cache["AuthenticatedUserInRole_" + role];
scUserRole.Remove(UserName);
if (scUserRole.Count > 0)
HttpRuntime.Cache["AuthenticatedUserInRole_" + role] = scUserRole;
else
HttpRuntime.Cache["AuthenticatedUserInRole_" + role] = null;
}
}
}
public static bool IsUserLoggedIn()
{
bool result = false;
if (HttpContext.Current.User != null &&
HttpContext.Current.User.Identity != null
&& HttpContext.Current.User.Identity.IsAuthenticated)
{ result = true; }
return result;
}