Session not ending?

F

Fabio Cavassini

I've got the following configuration in Web.config

<authentication mode="Forms">
<forms name=".ASPXCOOKIE" loginUrl="sigin.aspx" protection="All"
timeout="30" path="/">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>

When I first try to get a page from the application (let's say ot.aspx)
it redirects to the sigin.aspx page.

Once logged I execute Session.Abandon

Now, I can get the "ot.aspx" page again without having to sig in

It would only ask me again to sigin until I close the browser, wht?

Best Regards
Fabio Cavassini
http://www.pldsa.com
 
G

Guest

On your logout routine, redirect the person to a page. The session.abandon is
not complete on the client side until you ask for another page, as it has to
send a new session cookie (server cookie) to your browser. Until that point
in time, you are still "authenticated".

As a safety measure, you can add a handler that ensures only active
credentials can access anything and, possibly, expire pages so the user, at
best, gets those ugly "page no longer valid" pages.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms timeout, Session timeout 0
Strange Session Restart 0
Session Timeout, not working 2
Forms Authentication not Redirecting 1
createPersistentCookie not working in FormsAuthentication.RedirectFromLoginPage 0
What am I doing wrong with authentication? 3
Session Variables Not Saved 0
Session Timeout 4

Members online

No members online now.
Total: 27 (members: 0, guests: 27)
Robots: 300

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,007
Latest member
obedient dusk

Latest Threads

Top