Bruce,
that is my problem the token is resurrected.
How do I make sure it is completely dead and no chance to resurrection???
Thank you,
"bruce barker" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> depends on if you are in cookie mode or not.
>
> in cookie mode it updates the cookie to not have an authentication cookie.
>
> in cookieleess mode it redirects to the login without the url token. going
> back in history in this case might resurrect the login token as its in the
> url (it still has an expiration, so its not good forever).
>
> -- bruce (sqlwork.com)
>
>
> IfThenElse wrote:
>> Hi,
>> I asked this before but not reply, also I asked this in the
>> asp.netSecurtiy group but the group is in temporary coma no reply for few
>> days.
>> I am still able to navigate back to secure area even after calling
>> FormsAuthentication.SignOut().
>>
>> If I exit the browser and come back in it works fine, If I don't exit the
>> browser then I can still go to secure areas by modifying the url.
>>
>> Not sure what to do.
>>
>> help.
>>
>> Thank you.
|
Similar Threads
