FormsAuthentication.SignOut() does not log the user out.

Posted by Jason on Stack Overflow See other posts from Stack Overflow or by Jason
Published on 2009-01-05T04:48:42Z Indexed on 2010/03/22 0:31 UTC
Read the original article Hit count: 726

Smashed my head against this a bit too long. How do I prevent a user from browsing a site's pages after they have been logged out using FormsAuthentication.SignOut? I would expect this to do it:

FormsAuthentication.SignOut();
Session.Abandon();
FormsAuthentication.RedirectToLoginPage();

But it doesn't. If I type in a URL directly, I can still browse to the page. I haven't used roll-your-own security in a while so I forget why this doesn't work.

© Stack Overflow or respective owner

Related posts about forms-authentication

Related posts about ASP.NET