http://forums.asp.net/25.aspxAll about ASP.NET security (authentication, authorization, membership, roles, etc.) and the Login controls. <a href="http://aspadvice.com/SignUp/list.aspx?l=24&c=17" target="_blank">Email List</a>enCommunityServer 2007 SP1 (Build: 20510.895)http://forums.asp.net/thread/2609060.aspxTue, 09 Sep 2008 09:01:09 GMT4c671506-2930-414c-a40b-8bf57ded5924:2609060Wencui Qian - MSFT0http://forums.asp.net/thread/2609060.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=25&PostID=2609060<p>Hi <strong>amritbera,</strong></p> <p>Could you show us the code for logging out?</p> <p>Thanks.</p>http://forums.asp.net/thread/2600178.aspxThu, 04 Sep 2008 12:43:06 GMT4c671506-2930-414c-a40b-8bf57ded5924:2600178amritbera0http://forums.asp.net/thread/2600178.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=25&PostID=2600178<p>&nbsp;well, nice to hear from you..</p><p> i can say that its not pulling the page from cache, i think this</p><p>because, if i click <b>REFRESH</b> then the browser should request the page from server, and the</p><p>server checks the cuthentication ticket (is&#39;nt it?).. even when i perform delete/update for&nbsp;</p><p>the database from gridview, it works even after logging out (by using to BACK browser button).</p><p>&nbsp;</p><p>i can see u r very much experienced, where as i am new to VS 2008. but then also, i want to know what is actually happening..</p><p>plz help me jeff <br /></p>http://forums.asp.net/thread/2599947.aspxThu, 04 Sep 2008 10:50:53 GMT4c671506-2930-414c-a40b-8bf57ded5924:2599947jeff@zina.com0http://forums.asp.net/thread/2599947.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=25&PostID=2599947<p><BLOCKQUOTE><div><img src="/Themes/fan/images/icon-quote.gif"> <strong>amritbera:</strong></div><div> <p>for example, user clicks back button of the browser, and refresh the page, it dosent redirect the user to the login.aspx page, rather asp.net allows the user to do modifications in the secured pages</p> <p>even after he logs out...</p> <p></div></BLOCKQUOTE></p> <p>Does it?&nbsp; Or does it pull the page from the browser cache like it&#39;s supposed to?</p> <p>Jeff</p>http://forums.asp.net/thread/2599648.aspxThu, 04 Sep 2008 08:27:09 GMT4c671506-2930-414c-a40b-8bf57ded5924:2599648amritbera0http://forums.asp.net/thread/2599648.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=25&PostID=2599648<p>&nbsp;the problem i am faceing is :</p><p>as soon as the user click logout, the <span class="__mozilla-findbar-search" style="padding:0pt;background-color:yellow;color:black;display:inline;font-size:inherit;">authe</span>ntication ticket(i am using cookiless, &quot;useURI&quot;) is not expiring. therefore, the user can use his ticket even after logging out..&nbsp;</p><p>for example, user clicks back button of the browser, and refresh the page, it dosent redirect the user to the login.aspx page, rather asp.net allows the user to do modifications in the secured pages</p><p>even after he logs out...</p><p>i am using forms <span class="__mozilla-findbar-search" style="padding:0pt;background-color:yellow;color:black;display:inline;font-size:inherit;">authe</span>ntication, timeout = 5, sliding expiration = true, etc.</p><p> Also Session.Abandon() in the logout.aspx page_load event, but then also the ticket is usable after logging out.. <br /></p><p>&nbsp;</p><p>if u can, then plz help in this matter.. or give me some referance...<br /></p>thanks&nbsp; in advance.