G
Guest
Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName and
Password are not transmitted through the query string, authentication is done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName and
Password are not transmitted through the query string, authentication is done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca