A
Ali
Our security people have been able to copy and use the FormsAuthentication
cookie. Our Authetication cookie is based on an encrypted ticket and we use
FormsAuthentication.SignOut() when users loggout or kill their session, but
apparently the secure ticket does not get removed from the server by
FormsAuthetication.SignOut().
We have been able to time-out the ticket on the server, but we need to be
able to remove the ticket at any time.
This is our logout procedure:
FormsAuthetication.SignOut()
Session.Abandon()
Response.Redirect("Autheticate.aspx")
Thanks
Ali
cookie. Our Authetication cookie is based on an encrypted ticket and we use
FormsAuthentication.SignOut() when users loggout or kill their session, but
apparently the secure ticket does not get removed from the server by
FormsAuthetication.SignOut().
We have been able to time-out the ticket on the server, but we need to be
able to remove the ticket at any time.
This is our logout procedure:
FormsAuthetication.SignOut()
Session.Abandon()
Response.Redirect("Autheticate.aspx")
Thanks
Ali