public ActionResult ConfirmPasswordReset(string token, string email)
{
//check token is valid for email, then sign in user and go to password change
var userManager = new UserManager();
var user = userManager.GetUserFromResetToken(email, token);
if (user != null)
{
userManager.AssignNewSessionToken(user.ID, true);
//sign in user
PerformCoreLogin(user);
//proceed to password change
TempData["IsCurrentPasswordRequired"] = false;
return RedirectToAction("ChangePassword", "Profile");
}
return View();
}
public ActionResult SignOut()
{
if (Session["UserID"] != null)
{
// assign fresh session token for next login
var userManager = new UserManager();
userManager.AssignNewSessionToken((int)Session["UserID"]);
}
//clear cookies & set new session token
UpdateCookie(Response, "IdentityProvider", "");
UpdateCookie(Response, "Identifier", "");
UpdateCookie(Response, "Username", "");
UpdateCookie(Response, "OCMSessionToken", "");
UpdateCookie(Response, "AccessPermissions", "");
//clear session
Session.Abandon();
return RedirectToAction("Index", "Home");
}
