asp.net - SimpleMembership Presents Login Form to Authenticated User -

asp.net - SimpleMembership Presents Login Form to Authenticated User -

developing asp.net mvc 4 website simplemembership, login controller called though user logged in. far has happened during development (we're not in qa yet), , after modifying .cshtml page. happens once in while after modifying .cshtml page, not consistently.

i have added logging login() method provided template , see user indeed authenticated, , has roles logged-in user should have.

[allowanonymous] public actionresult login(string returnurl) { if (user.identity.isauthenticated) { logger.error("user " + user.identity.name + " authenticated shown login form. roles: " + string.join(", ", roles.getrolesforuser(user.identity.name))); // temporary work-around: websecurity.logout(); } viewbag.returnurl = returnurl; homecoming view(); }

questions

what causing behavior? can happen in production system, e.g. if app domain recycled? is work-around of calling websecurity.logout() before returning login view sound security perspective?

if want check if user logged in, instead of user.identity seek this:

if(request.isauthenticated) {...}

this true if user logged in @ moment. hope reply looking for!

asp.net asp.net-mvc simplemembership