the problem i am faceing is :

as soon as the user click logout, the authentication ticket(i am using cookiless, "useURI") is not expiring. therefore, the user can use his ticket even after logging out.. 

for example, user clicks back button of the browser, and refresh the page, it dosent redirect the user to the login.aspx page, rather asp.net allows the user to do modifications in the secured pages

even after he logs out...

i am using forms authentication, timeout = 5, sliding expiration = true, etc.

Also Session.Abandon() in the logout.aspx page_load event, but then also the ticket is usable after logging out..

if u can, then plz help in this matter.. or give me some referance...

amritbera:

for example, user clicks back button of the browser, and refresh the page, it dosent redirect the user to the login.aspx page, rather asp.net allows the user to do modifications in the secured pages

even after he logs out...

Does it?  Or does it pull the page from the browser cache like it's supposed to?

Jeff

 well, nice to hear from you..

i can say that its not pulling the page from cache, i think this

because, if i click REFRESH then the browser should request the page from server, and the

server checks the cuthentication ticket (is'nt it?).. even when i perform delete/update for 

the database from gridview, it works even after logging out (by using to BACK browser button).

i can see u r very much experienced, where as i am new to VS 2008. but then also, i want to know what is actually happening..

plz help me jeff

Hi amritbera,

Could you show us the code for logging out?

Thanks.