Forms Authentication Signoff

[Guest]

I am using forms authenication with a custom signon page and I execute the
following statement to force a signoff from a signoff web page...

FormsAuthentication.SignOut();

I have noted that if I then redierct to another form that is supposed to be
protected from entry due to lack of authentication that the form is displayed
anyway. If I then enter data into the form and post the form, processing is
only then redirected to my custom sign-on form. My preference and
understanding is that the form not even be displayed due to lack of
authentication. Sometimes it works correctly.... and other times it does
not.

The same behavior is exhibited if I execute the
FormsAuthentication.SignOut() and then simply change the Browser URL to
attempt to navigate back to a restricted web page. The web page is
displayed.... however once I enter data and post the form, only then is my
signon web page displayed.

Help !!!

 

[ESPN Lover]

Are you using Server.Transfer or Response.Redirect?

 

[Guest]

I am using Response.Redirect.... I just tried Server.Transfer and I see the
same results.

Philip

 

[bruce barker]

this because the browser cached the page, it did not go to the server to get
it. you can expire the pages, but then when the user goes back through
history, they will get a dialog asking if they want to repost.

-- bruce (sqlwork.com)