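/// <summary>
/// Replaces a doctor's temporary password with the submitted new password and,
/// on success, issues a forms-authentication cookie for that login.
/// </summary>
/// <param name="changePassword">Posted model carrying the new password.</param>
/// <param name="returnUrl">Optional post-login target; followed only when it is a local URL.</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> or Doctor/Index on success, the view with an
/// error message when the manager rejects the change, or a redirect to Register/Login when
/// the pending login is missing from the session or fails re-validation.
/// </returns>
/// <remarks>
/// NOTE(review): no action attributes are visible here - confirm this state-changing action
/// is restricted to POST and protected by [ValidateAntiForgeryToken].
/// </remarks>
public ActionResult ChangeTemporaryPassword(ChangePassword changePassword, string returnUrl)
{
    // The pending login (login id + temporary password) is carried in session state
    // under "UserLoginId"; where it is stored is not shown in this block.
    ChangePassword pendingLogin = Session["UserLoginId"] as ChangePassword;
    if (pendingLogin == null)
    {
        return RedirectToAction("Login", "Register");
    }

    // Re-check the session-held credentials before allowing the change.
    // NOTE(review): OldPassword appears to sit in session state in clear text - confirm the
    // session store is server-side only and consider not keeping the password there at all.
    if (!aDoctorManager.IsValid(pendingLogin.DoctorLoginId, pendingLogin.OldPassword))
    {
        return RedirectToAction("Login", "Register");
    }

    // The login id always comes from the session, never from the posted form, so a caller
    // cannot change another account's password by tampering with the model.
    changePassword.DoctorLoginId = pendingLogin.DoctorLoginId;

    // NOTE(review): confirm Crypto.Hash is a salted, deliberately slow password hash
    // (PBKDF2/bcrypt/Argon2) and not a single fast digest.
    changePassword.NewPassword = Crypto.Hash(changePassword.NewPassword);
    changePassword.PasswordVerified = true;

    string message = aDoctorManager.ChangeTemporaryPassword(changePassword);
    if (message != "Success")
    {
        ViewBag.ErrorMessage = message;
        return View();
    }

    bool rememberMe = false;
    int timeout = rememberMe ? 525600 : 60; // 525600 min = 1 year

    var ticket = new FormsAuthenticationTicket(pendingLogin.DoctorLoginId, rememberMe, timeout);
    string encrypted = FormsAuthentication.Encrypt(ticket);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
    cookie.Expires = DateTime.Now.AddMinutes(timeout);
    cookie.HttpOnly = true;
    // Keep the authentication cookie off plain-HTTP requests whenever the site is configured
    // for SSL or this request itself arrived over HTTPS.
    cookie.Secure = FormsAuthentication.RequireSSL || Request.IsSecureConnection;
    Response.Cookies.Add(cookie);

    // The temporary credentials are spent once the change succeeds; drop them on every
    // success path (previously they survived in the session when returnUrl was followed).
    Session["UserLoginId"] = null;

    // Url.IsLocalUrl blocks open redirects to attacker-chosen hosts.
    if (Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }

    TempData["ChangeTempPassMsg"] = "Your temporary password changed successfully.";
    return RedirectToAction("Index", "Doctor");
}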