Ali #1
Security Exploit (FormsAuthentication.SignOut()) Does not Work
Our security people have been able to copy and use the FormsAuthentication
cookie. Our authentication cookie is based on an encrypted ticket and we use
FormsAuthentication.SignOut() when users log out or kill their session, but
apparently the secure ticket does not get removed from the server by
FormsAuthentication.SignOut().
We have been able to time-out the ticket on the server, but we need to be
able to remove the ticket at any time.
This is our logout procedure:
FormsAuthentication.SignOut()
Session.Abandon()
Response.Redirect("Autheticate.aspx")
Thanks
Ali
Ali Guest
Keith #2
Security Exploit (FormsAuthentication.SignOut()) Does not Work
Don't persist the ticket and your problem will be
solved. Dig through your code and look for the line
similar to:
Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
    "Some user", DateTime.Now, DateTime.Now.AddMinutes(20), _
    False, "")
Notice the false in the 4th parameter. That false means
to not store the ticket in a cookie on the user's machine.
Good luck.
>-----Original Message-----
>Our security people have been able to copy and use the FormsAuthentication
>cookie. Our authentication cookie is based on an encrypted ticket and we use
>FormsAuthentication.SignOut() when users log out or kill their session, but
>apparently the secure ticket does not get removed from the server by
>FormsAuthentication.SignOut().
>
>We have been able to time-out the ticket on the server, but we need to be
>able to remove the ticket at any time.
>
>This is our logout procedure:
>
>FormsAuthentication.SignOut()
>Session.Abandon()
>Response.Redirect("Autheticate.aspx")
>
>Thanks
>
>Ali
>
>.
Keith Guest
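
One way to get the "remove the ticket at any time" behaviour asked for in this thread, as an added example that is not code from either post: a forms ticket is validated by decrypting the cookie, so a copied cookie keeps working until the ticket expires unless the server keeps its own record of signed-out tickets. The module name TicketRevocation, its members, the use of UserData as a per-login id, and the in-process cache are assumptions; it also assumes anonymous users are denied by the site's authorization rules.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Caching
Imports System.Web.Security

' Added example: TicketRevocation and its members are hypothetical names.
Public Module TicketRevocation
    Private Const TicketMinutes As Integer = 20

    ' Login: non-persistent ticket whose UserData carries a random per-login id.
    Public Sub IssueTicket(response As HttpResponse, userName As String)
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(TicketMinutes), False, Guid.NewGuid().ToString("N"))
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
            FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True
        cookie.Secure = True ' assumes the site is served over HTTPS
        response.Cookies.Add(cookie)
    End Sub

    ' Logout: record the ticket id server-side, then clear the browser's cookie.
    ' The entry lives for one full ticket lifetime so it outlasts any renewed copy.
    ' In-process cache only: a web farm or an app restart needs a shared store.
    Public Sub Revoke(context As HttpContext)
        Dim ticket As FormsAuthenticationTicket = ReadTicket(context.Request)
        If ticket IsNot Nothing Then
            HttpRuntime.Cache.Insert("revoked:" & ticket.UserData, True, Nothing, _
                DateTime.UtcNow.AddMinutes(TicketMinutes), Cache.NoSlidingExpiration, _
                CacheItemPriority.NotRemovable, Nothing)
        End If
        FormsAuthentication.SignOut()
    End Sub

    ' Call from Application_AuthenticateRequest in Global.asax. A replayed copy of a
    ' signed-out ticket still decrypts, so swap in an anonymous principal for it.
    Public Sub RejectIfRevoked(context As HttpContext)
        Dim ticket As FormsAuthenticationTicket = ReadTicket(context.Request)
        If ticket IsNot Nothing AndAlso _
           HttpRuntime.Cache("revoked:" & ticket.UserData) IsNot Nothing Then
            context.User = New GenericPrincipal(New GenericIdentity(""), New String() {})
        End If
    End Sub

    Private Function ReadTicket(request As HttpRequest) As FormsAuthenticationTicket
        Dim cookie As HttpCookie = request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return Nothing
        Try
            Return FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception ' tampered or malformed value: treat as no ticket
            Return Nothing
        End Try
    End Function
End Module
```

In the logout procedure quoted above, the call to FormsAuthentication.SignOut() would become TicketRevocation.Revoke(Context), placed before Session.Abandon().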