FormsAuthentication.SignOut() nightmare!!

[sj1187534]

Scenario:

 

Hi...I have implemented cookieless forms authentication. In this case...what I am doing is, I am appending the encrypted authentication ticket created by the FormsAuthentication to each and every URL in the website. This is allowing me to browse all the secured pages because whenever a secured page is loaded...it looks for the authentication cookie. Now...everything is working smooth until now..

 

Problem:

 

When I am signing out using the FormsAuthentication.SignOut() method and going to the Login page, I am able to come back to the previous page. And i am not only able to see the info but also modify it. I know this is happening because the browser is still able to find the authentication string in the URL when i go back since it is just the history of the browser..I would really appreciate if anyone can tell me how to handle the situation...

 

I have already implemented the checking of "httpcontext.current.user.isauthenticated" thing. I created a base page for the secured pages and in the page_load method of the secured page, I am seeing if the user is still authenticated. But to my bad luck...it is returning true even the user was logged out. Any other way?

 

 

Thanks,

SJ

[angula]

I'm not sure if this will be helpful but I thought I'd try. Maybe you haven't already read this:

 

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconsessionstate.asp

[fadi]

well i didnt understand your scenario, i dont know why u r appending anything to the urls. all what u need is to set up formsauthencation in the web.config. when u sign in call the redirectfromloginpage method and when signing out call the signout method. this is all what u need

[sj1187534]

Hi...I am trying to implement cookieless authentication. Thats the reason I am appending the encrypted ticket to all the URLs.

 

SJ