// Log-Out

        /// <summary>
        /// Do not call if the system does not implement the forms authentication capable user management provider.
        /// </summary>
        public static void LogOutUser()
        {
            if (AppRequestState.Instance.ImpersonatorExists)
            {
                UserImpersonationStatics.SetCookie(null);
            }
            else
            {
                clearFormsAuthCookie();
            }
            AppRequestState.Instance.SetUser(null);
        }
        private static void setFormsAuthCookieAndUser(FormsAuthCapableUser user)
        {
            if (AppRequestState.Instance.ImpersonatorExists)
            {
                UserImpersonationStatics.SetCookie(user);
            }
            else
            {
                var strictProvider = SystemProvider as StrictFormsAuthUserManagementProvider;

                // If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout.
                var authenticationDuration = strictProvider != null && strictProvider.AuthenticationTimeoutInMinutes.HasValue
                                                                     ? TimeSpan.FromMinutes(strictProvider.AuthenticationTimeoutInMinutes.Value)
                                                                     : user.Role.RequiresEnhancedSecurity ? TimeSpan.FromMinutes(12) : SessionDuration;

                var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
                setFormsAuthCookie(ticket);
            }
            AppRequestState.Instance.SetUser(user);
        }