By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,335 Members | 2,258 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,335 IT Pros & Developers. It's quick & easy.

logout issue

P: n/a
Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName and
Password are not transmitted through the query string, authentication is done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca
Nov 19 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
What happens if you copy the URL, close the browser, restart the browser and
try loading the page?

--
Philip Q
Microsoft MVP [ASP.NET]

"tzake" <tz***@discussions.microsoft.com> wrote in message
news:1F**********************************@microsof t.com...
Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser
redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log
Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName
and
Password are not transmitted through the query string, authentication is
done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca

Nov 19 '05 #2

P: n/a
okay, that redirects me back to the login page
but what if the user forgets to close the browser?
can i do anything about it?
"Philip Q [MVP]" wrote:
What happens if you copy the URL, close the browser, restart the browser and
try loading the page?

--
Philip Q
Microsoft MVP [ASP.NET]

"tzake" <tz***@discussions.microsoft.com> wrote in message
news:1F**********************************@microsof t.com...
Dear Helper,
I have done an asp.net web application using vb.net with a login page for
authentication.
I am using forms auth, with an sql database.
After I call FormsAuthentication.SignOut(), form, say default.aspx which
requires authentication (aftel logging in of course), the browser
redirects
me to the Login page.
The problem is, that if i copy the URL after logging in, and then I Log
Out,
and then I paste it in to the address bar, the browser redirects me to the
same default.aspx page, without prompting for the password. The UserName
and
Password are not transmitted through the query string, authentication is
done
by the book.(at least i think so)
I think this would mean a security breach.
What can I do?
Thank You,
Mihai Tatarca


Nov 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.