Keith
2/1/2004 5:37:00 AM
Don't persist the ticket and your problem will be solved. Dig through your
code and look for the line similar to:

Dim authTicket as FormsAuthenticationTicket = new FormsAuthenticationTicket(1, _
    "Some user", DateTime.Now, DateTime.Now.AddMinutes(20), _
    false, "")

Notice the false in the 4th parameter. That false means to not store the
ticket in a cookie on the user's machine.

Good luck.
>-----Original Message-----
>Our security people have been able to copy and use the FormsAuthentication
>cookie. Our Authentication cookie is based on an encrypted ticket and we use
>FormsAuthentication.SignOut() when users log out or kill their session, but
>apparently the secure ticket does not get removed from the server by
>FormsAuthentication.SignOut().
>
>We have been able to time out the ticket on the server, but we need to be
>able to remove the ticket at any time.
>
>This is our logout procedure:
>
>FormsAuthentication.SignOut()
>Session.Abandon()
>Response.Redirect("Autheticate.aspx")
>
>Thanks
>
>Ali
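
The removal "at any time" asked for in the original message can be approximated with a server-side list of revoked ticket ids, because the forms ticket lives only in the cookie and the server keeps no copy to delete. This is an added example, not code from either poster: TicketRevocation and its members are hypothetical names, and it assumes the userData field (the "" in the reply's constructor) is free to hold a random id.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Caching
Imports System.Web.Security

' Added example; TicketRevocation and its members are hypothetical names.
Public Module TicketRevocation
    ' Login: the constructor from the reply, with a random id as userData (assumption).
    Public Sub IssueTicket(ByVal ctx As HttpContext, ByVal userName As String)
        Dim t As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(20), False, Guid.NewGuid().ToString())
        Dim c As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(t))
        c.Path = FormsAuthentication.FormsCookiePath
        ctx.Response.Cookies.Add(c)
    End Sub

    ' Decrypts the request's ticket; Nothing if absent, malformed or expired.
    Private Function ReadTicket(ByVal ctx As HttpContext) As FormsAuthenticationTicket
        Dim c As HttpCookie = ctx.Request.Cookies(FormsAuthentication.FormsCookieName)
        If c Is Nothing OrElse c.Value = "" Then Return Nothing
        Try
            Dim t As FormsAuthenticationTicket = FormsAuthentication.Decrypt(c.Value)
            If t Is Nothing OrElse t.Expired Then Return Nothing
            Return t
        Catch ex As Exception
            Return Nothing
        End Try
    End Function

    ' Logout: call before FormsAuthentication.SignOut() and Session.Abandon().
    Public Sub RevokeCurrentTicket(ByVal ctx As HttpContext)
        Dim t As FormsAuthenticationTicket = ReadTicket(ctx)
        If t Is Nothing OrElse t.UserData = "" Then Return
        ' Keep the id for one full ticket lifetime from now, which outlives
        ' any copy of this ticket that was renewed before the logout.
        ctx.Cache.Insert("revoked:" & t.UserData, True, Nothing, _
            DateTime.Now.Add(t.Expiration.Subtract(t.IssueDate)), Cache.NoSlidingExpiration)
    End Sub

    ' Call from Application_AuthenticateRequest in Global.asax.
    Public Sub RejectIfRevoked(ByVal ctx As HttpContext)
        Dim t As FormsAuthenticationTicket = ReadTicket(ctx)
        If t Is Nothing Then Return
        ' A ticket with no id cannot be revoked, so it is refused as well.
        If t.UserData = "" OrElse Not (ctx.Cache("revoked:" & t.UserData) Is Nothing) Then
            ctx.User = New GenericPrincipal(New GenericIdentity(""), New String() {})
        End If
    End Sub
End Module
```

The ASP.NET cache is per worker process, so entries are lost on an application restart and are not shared across a web farm; a shared store would be needed there.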