Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > What comes after FormsAuthentication.SignOut()?

Reply
Thread Tools

What comes after FormsAuthentication.SignOut()?

 
 
IfThenElse
Guest
Posts: n/a
 
      10-09-2007
Hi,
I asked this before but not reply, also I asked this in the asp.netSecurtiy
group but the group is in temporary coma no reply for few days.
I am still able to navigate back to secure area even after calling
FormsAuthentication.SignOut().

If I exit the browser and come back in it works fine, If I don't exit the
browser then I can still go to secure areas by modifying the url.

Not sure what to do.

help.

Thank you.


 
Reply With Quote
 
 
 
 
bruce barker
Guest
Posts: n/a
 
      10-09-2007
depends on if you are in cookie mode or not.

in cookie mode it updates the cookie to not have an authentication cookie.

in cookieleess mode it redirects to the login without the url token.
going back in history in this case might resurrect the login token as
its in the url (it still has an expiration, so its not good forever).

-- bruce (sqlwork.com)


IfThenElse wrote:
> Hi,
> I asked this before but not reply, also I asked this in the asp.netSecurtiy
> group but the group is in temporary coma no reply for few days.
> I am still able to navigate back to secure area even after calling
> FormsAuthentication.SignOut().
>
> If I exit the browser and come back in it works fine, If I don't exit the
> browser then I can still go to secure areas by modifying the url.
>
> Not sure what to do.
>
> help.
>
> Thank you.
>
>

 
Reply With Quote
 
 
 
 
IfThenElse
Guest
Posts: n/a
 
      10-10-2007
Bruce,

that is my problem the token is resurrected.

How do I make sure it is completely dead and no chance to resurrection???

Thank you,



"bruce barker" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> depends on if you are in cookie mode or not.
>
> in cookie mode it updates the cookie to not have an authentication cookie.
>
> in cookieleess mode it redirects to the login without the url token. going
> back in history in this case might resurrect the login token as its in the
> url (it still has an expiration, so its not good forever).
>
> -- bruce (sqlwork.com)
>
>
> IfThenElse wrote:
>> Hi,
>> I asked this before but not reply, also I asked this in the
>> asp.netSecurtiy group but the group is in temporary coma no reply for few
>> days.
>> I am still able to navigate back to secure area even after calling
>> FormsAuthentication.SignOut().
>>
>> If I exit the browser and come back in it works fine, If I don't exit the
>> browser then I can still go to secure areas by modifying the url.
>>
>> Not sure what to do.
>>
>> help.
>>
>> Thank you.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What Comes After Blu-Ray and HD-DVD? Allan DVD Video 9 02-06-2005 03:45 PM
What comes after XP? Wack Computer Support 30 02-03-2004 09:30 AM
What comes after Canon's 10D??? Marc P. Digital Photography 19 12-03-2003 10:36 PM
What comes after Canon's 10D??? Marc P. Digital Photography 3 11-27-2003 02:48 PM
Message: Class alread exists comes up after a while Jerry ASP .Net 0 07-08-2003 03:43 PM



Advertisments