Old user credentials in FluorineFx after resetting a session?

Question

We have a FluorineFx / ASP.Net application which uses forms authentication to identify the current user. To use these credentials in FluorineFx, we use FluorineContext.Current.User.Identity. When I log in the first time, the current context neatly reflects the right identity.

When I log out, I perform a FormsAuthentication.SignOut() and a Session.Abandon to invalidate both the user credentials and the session. But when I log in again as another user, FluorineContext.Current.User.Identity contains the credentials of the previous user, while the ASP.Net application has the right user credentials. When I rebuild my application, the FluorineFx credentials are reset to reflect the right credentials again.

Does anyone have an explanation for this, and/or how to fix this?

Answer 1

Because the Session reset works, and the user's identity doesn't, it's not an authentication cookie problem. I still haven't found a good solution for this problem, and decided to store the current user's identity in session. The session variables are encrypted and are updated on each call to make sure the right credentials are passed along.