What comes after FormsAuthentication.SignOut()?

Discussion in 'ASP .Net' started by IfThenElse, Oct 9, 2007.

  1. IfThenElse

    IfThenElse Guest

    Hi,
    I asked this before but not reply, also I asked this in the asp.netSecurtiy
    group but the group is in temporary coma no reply for few days.
    I am still able to navigate back to secure area even after calling
    FormsAuthentication.SignOut().

    If I exit the browser and come back in it works fine, If I don't exit the
    browser then I can still go to secure areas by modifying the url.

    Not sure what to do.

    help.

    Thank you.
     
    IfThenElse, Oct 9, 2007
    #1
    1. Advertising

  2. IfThenElse

    bruce barker Guest

    depends on if you are in cookie mode or not.

    in cookie mode it updates the cookie to not have an authentication cookie.

    in cookieleess mode it redirects to the login without the url token.
    going back in history in this case might resurrect the login token as
    its in the url (it still has an expiration, so its not good forever).

    -- bruce (sqlwork.com)


    IfThenElse wrote:
    > Hi,
    > I asked this before but not reply, also I asked this in the asp.netSecurtiy
    > group but the group is in temporary coma no reply for few days.
    > I am still able to navigate back to secure area even after calling
    > FormsAuthentication.SignOut().
    >
    > If I exit the browser and come back in it works fine, If I don't exit the
    > browser then I can still go to secure areas by modifying the url.
    >
    > Not sure what to do.
    >
    > help.
    >
    > Thank you.
    >
    >
     
    bruce barker, Oct 9, 2007
    #2
    1. Advertising

  3. IfThenElse

    IfThenElse Guest

    Bruce,

    that is my problem the token is resurrected.

    How do I make sure it is completely dead and no chance to resurrection???

    Thank you,



    "bruce barker" <> wrote in message
    news:...
    > depends on if you are in cookie mode or not.
    >
    > in cookie mode it updates the cookie to not have an authentication cookie.
    >
    > in cookieleess mode it redirects to the login without the url token. going
    > back in history in this case might resurrect the login token as its in the
    > url (it still has an expiration, so its not good forever).
    >
    > -- bruce (sqlwork.com)
    >
    >
    > IfThenElse wrote:
    >> Hi,
    >> I asked this before but not reply, also I asked this in the
    >> asp.netSecurtiy group but the group is in temporary coma no reply for few
    >> days.
    >> I am still able to navigate back to secure area even after calling
    >> FormsAuthentication.SignOut().
    >>
    >> If I exit the browser and come back in it works fine, If I don't exit the
    >> browser then I can still go to secure areas by modifying the url.
    >>
    >> Not sure what to do.
    >>
    >> help.
    >>
    >> Thank you.
     
    IfThenElse, Oct 10, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff Johnson
    Replies:
    6
    Views:
    3,791
    tharadk
    Jul 24, 2009
  2. =?Utf-8?B?TWFydGluIExlZQ==?=

    Calling FormsAuthentication.SignOut() after calling Response.Flush

    =?Utf-8?B?TWFydGluIExlZQ==?=, Sep 28, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    742
    =?Utf-8?B?RXRoZW0gQXp1bg==?=
    Sep 28, 2004
  3. Signout does not signout.

    , Apr 4, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    490
  4. jobs
    Replies:
    1
    Views:
    701
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Jul 12, 2007
  5. IfThenElse

    FormsAuthentication.SignOut() what to do after

    IfThenElse, Oct 9, 2007, in forum: ASP .Net Security
    Replies:
    2
    Views:
    250
    IfThenElse
    Oct 19, 2007
Loading...

Share This Page