logout issue

[Guest]

Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName and
Password are not transmitted through the query string, authentication is done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca

 

[Philip Q [MVP]]

What happens if you copy the URL, close the browser, restart the browser and
try loading the page?

 

[Guest]

okay, that redirects me back to the login page
but what if the user forgets to close the browser?
can i do anything about it?

What happens if you copy the URL, close the browser, restart the browser and
try loading the page?

--
Philip Q
Microsoft MVP [ASP.NET]

Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser
redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log
Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName
and
Password are not transmitted through the query string, authentication is
done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca