473,320 Members | 1,867 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

logout issue

Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName and
Password are not transmitted through the query string, authentication is done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca
Nov 19 '05 #1
2 1317
What happens if you copy the URL, close the browser, restart the browser and
try loading the page?

--
Philip Q
Microsoft MVP [ASP.NET]

"tzake" <tz***@discussions.microsoft.com> wrote in message
news:1F**********************************@microsof t.com...
Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser
redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log
Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName
and
Password are not transmitted through the query string, authentication is
done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca

Nov 19 '05 #2
okay, that redirects me back to the login page
but what if the user forgets to close the browser?
can i do anything about it?
"Philip Q [MVP]" wrote:
What happens if you copy the URL, close the browser, restart the browser and
try loading the page?

--
Philip Q
Microsoft MVP [ASP.NET]

"tzake" <tz***@discussions.microsoft.com> wrote in message
news:1F**********************************@microsof t.com...
Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser
redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log
Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName
and
Password are not transmitted through the query string, authentication is
done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca


Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Jon Natwick | last post by:
I'm trying to add a dynamically created logout link on my pages. The link to the logout page will show if the user is logged in. I put a placeholder on the aspx page and then dynamically create...
6
by: Kevin Yu | last post by:
is it possible to for user to click a logout button to logout and when the user want to get into the system again, the user have to login again? Kevin
6
by: somaskarthic | last post by:
Hi This is somas here. I asked query about detecting the browser close event using javascript. I want to detect the event only when the X button in the top right corner is clicked and not else...
0
by: ShailShin | last post by:
Hi All, Developing an VB App for Login and logout tracking. In App Form there are two buttons login and logout. When user click on login the loginName, LoginTime and LoginDate get stored in...
25
by: crescent_au | last post by:
Hi all, I've written a login/logout code. It does what it's supposed to do but the problem is when I logout and press browser's back button (in Firefox), I get to the last login page. In IE,...
12
kamill
by: kamill | last post by:
I have done a logout page for logout from admin section and provides a link to logout from admin section.Whenever i clicked on logout link it redirected to index.php of admin section......BUT when i...
10
by: chaos | last post by:
How to do logout alert message when i press on the logout image <a href="../logout.php" target="_top" onClick="return logout()"...
1
by: shrik | last post by:
hi everybody. I have following problem. There are two pages. index.jsp and main.jsp in my application Index.jsp contains logging interface in . It submits password and userid to loginform bean. ...
1
by: Kandiman | last post by:
Hiya, i made a asp page, and one of my divs (as a include) is as below. the problem is if the main page is resubmitted, i get logged out again?... heres the code.. i think its on the value=true...
10
by: DavidPr | last post by:
When I logout as one user and log in under a different user, it opens with the last user's information. User 1 - Unsername: Davey Jones User 2 - Unsername: David Smith I log out from Davey...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.