Re: FormsAuthentication.SignOut(); doesn't work...

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 10/23/05

  • Next message: mo: "Re: FormsAuthentication.SignOut(); doesn't work..."
    Date: Sun, 23 Oct 2005 04:44:13 -0700
    
    

    Hello mo,

    use a tool like www.fiddlertool.com to check if the cookie is really cleared...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > my current project uses FormsAuthentocation.. I need a logoff page -
    >
    > may logo off page contains the following in the Page_Load:
    > Session.Abandon();
    >
    > FormsAuthentication.SignOut();
    >
    > After 'logging off',
    > HttpContext.Current.User.Identity.IsAuthenticated and
    > Request.IsAuthenticated is still true and the user can still access
    > pages that they should net be able to..
    >
    > What's up with this??? I've seen quite a few posts on the web, but no
    > firm answer
    >
    > thanks!
    >


  • Next message: mo: "Re: FormsAuthentication.SignOut(); doesn't work..."

    Relevant Pages

    • Re: "secure" flag for HttpCookies
      ... Dominick Baier - DevelopMentor ... the client will not send the cookie to the server on all requests. ... But this doesn't matter cause an attacker can just sniff the cookie on ...
      (microsoft.public.dotnet.security)
    • Re: asp.net login contol using url redirect
      ... Dominick Baier [DevelopMentor] wrote: ... > You have to manually issue the cookie and set the Domain property on the ... >> If however I include the site in a frame on another site, e.g., ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: XML Webservice authentication
      ... what do you mean with "but will need to be authenticated via a cookie" ?? ... Dominick Baier - DevelopMentor ... "web service way" would be to use a SOAP header. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Authentication provider for different sites
      ... the problem is the the browser will not send a cookie from site A to site ... Dominick Baier - DevelopMentor ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: forms authentication -- expired forms cookie vs. not provided forms cookie
      ... Dominick Baier - DevelopMentor ... present, but if the forms cookie is present and expired, I want them to get a timeout page. ... Is this possible with forms authentication? ...
      (microsoft.public.dotnet.framework.aspnet.security)