«

I log in to my favorite site. I get an authentication cookie. I get
redirected to the default page.
I leave my site without loggin out. I got to some other website.
I go back to my favorite site's default page within 20 minutes.
My authentication cookie is still there and I can go right in!
My favourite bank site has the same problem.

--
Arne Garvander
(I program VB.Net for fun and C# to get paid. When get paid, I laugh all the
way to the bank.)

Why do you believe this is a problem? It sounds like you are seeing the
expected behavior of a session cookie in a web browser. They are held in
memory and are sent back to the site that issued them, depending the
parameters sent in the Set-Cookie header and the browser's security
settings.

The reason why many sites have a logout function is to clear the data in
that cookie so that it does not authenticate the user anymore. If you don't
execute the request that results in the cookie being changed, it will not be
changed.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Arne Garvander" <> wrote in message
news:A8D9C2DA-5412-4EFE-959B-...
>I log in to my favorite site. I get an authentication cookie. I get
> redirected to the default page.
> I leave my site without loggin out. I got to some other website.
> I go back to my favorite site's default page within 20 minutes.
> My authentication cookie is still there and I can go right in!
> My favourite bank site has the same problem.
>
> --
> Arne Garvander
> (I program VB.Net for fun and C# to get paid. When get paid, I laugh all
> the
> way to the bank.)