How to Expire an Authenticatoin Ticket Manually

Discussion in 'ASP .Net Mobile' started by Ali, Jan 28, 2004.

  1. Ali

    Ali Guest

    Our security people have been able to copy and use the FormsAuthentication
    cookie. Our Authetication cookie is based on an encrypted ticket and we use
    FormsAuthentication.SignOut() when users loggout or kill their session, but
    apparently the secure ticket does not get removed from the server by
    FormsAuthetication.SignOut().

    We have been able to time-out the ticket on the server, but we need to be
    able to remove the ticket at any time.

    This is our logout procedure:

    FormsAuthetication.SignOut()
    Session.Abandon()
    Response.Redirect("Autheticate.aspx")

    Thanks
     
    Ali, Jan 28, 2004
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. e
    Replies:
    1
    Views:
    3,849
    John Saunders
    Oct 24, 2003
  2. Ali
    Replies:
    7
    Views:
    590
  3. chongo
    Replies:
    1
    Views:
    570
    Trent Millar
    Apr 28, 2004
  4. Roel

    authentication ticket

    Roel, Jul 19, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    562
    John Saunders
    Jul 19, 2004
  5. Matthias S.
    Replies:
    3
    Views:
    4,321
  6. ray
    Replies:
    1
    Views:
    466
    Dominick Baier [DevelopMentor]
    Aug 4, 2005
  7. Tongass Park Neighborhood Association, Juneau Alas

    Cookies expire immediately, not when set to expire

    Tongass Park Neighborhood Association, Juneau Alas, Oct 1, 2009, in forum: ASP General
    Replies:
    2
    Views:
    1,447
    SQLDude
    Nov 24, 2009
  8. Replies:
    1
    Views:
    217
Loading...