Form Authentication IsOnline method does not retrieve the correct status

Question

Hello,

I am using Form Authentication in an ASP.NET MVC project.

When the current user click on the Exit link the code execute an action that does in sequence:

System.Web.Security.FormsAuthentication.SignOut();
Session.Abandon();

The second call is not properly needed because I am not using session at all.

The problem is that if I login with an Admin account I can see the user still Logged In.

Where I am doing wrong?

thanks for helping!

EDIT:

Added the Login code just to be complete

if (ModelState.IsValid) {
    if (MembershipService.ValidateUser(model.UserName, model.Password)) {
        System.Web.Security.FormsAuthentication.SignIn(model.UserName, model.RememberMe);
        if (!String.IsNullOrEmpty(returnUrl)) {
            return Redirect(returnUrl);
        }
        else {
            return RedirectToAction("Index", "Home");
        }
    }
    else {
        ModelState.AddModelError("", "Error....");
    }
}

Answer 1

Ok. I have found the problem.

I was using, to show the current loggein users the following call

MembershipUser user = Membership.GetUser(userKey, true) if ( user.IsOnline ) { ... }

and I have realized that the second parameter of the GetUser method sets the User status to online and updates the LastActivity field in the data store. I dont know why this is working this way but that's it...