Hey - very nice tool! Thanks!!!
that's exactly the problem, the cookie is not cleared. Therefore the user is
still able to roam about the site - they are never logged off. Another
strange thing is that if a user does log back on, it DOES reset the cookie.
I am not using persistent cookies either...
My login code is below:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
Request.Form["username"],
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
false,
userContextElement.OuterXml,
FormsAuthentication.FormsCookiePath
);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));
// Redirect to requested url...
???
thanks,
mo
"Dominick Baier [DevelopMentor]" <>
wrote in message news:. com...
> Hello mo,
>
> use a tool like www.fiddlertool.com to check if the cookie is really
> cleared...
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> my current project uses FormsAuthentocation.. I need a logoff page -
>>
>> may logo off page contains the following in the Page_Load:
>> Session.Abandon();
>>
>> FormsAuthentication.SignOut();
>>
>> After 'logging off',
>> HttpContext.Current.User.Identity.IsAuthenticated and
>> Request.IsAuthenticated is still true and the user can still access
>> pages that they should net be able to..
>>
>> What's up with this??? I've seen quite a few posts on the web, but no
>> firm answer
>>
>> thanks!
>>
>
>
