Re: FormsAuthentication.SignOut() what to do after

---

• From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Sun, 14 Oct 2007 13:43:03 +0000 (UTC)

---

By using the back button?

SignOut does indeed clear the cooie - which doesn't mean that this cookie would not be valid if re-send.

Try closing the browser - can you still navigate to the secured area after opening a new browser?

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi,

I am still able to navigate back to secure area even after calling
FormsAuthentication.SignOut() on the
logoff.aspx
I read some place that I need to clear the cookie, expire it etc..

But I am not getting it right. Need examples tutorials etc.. please

help.

.

---

• Follow-Ups:
  • Re: FormsAuthentication.SignOut() what to do after
    • From: IfThenElse

• References:
  • FormsAuthentication.SignOut() what to do after
    • From: IfThenElse

• Prev by Date: Re: ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
• Next by Date: Re: ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken
• Previous by thread: FormsAuthentication.SignOut() what to do after
• Next by thread: Re: FormsAuthentication.SignOut() what to do after
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2007-10