IBM App Scan - Session Not Invalidated After Logout
Oct 05, 2015 01:09 PM | Himal_blur
Hi,
After running IBM AppScan we received an issue - "Session Not Invalidated After Logout". Any idea or suggestion on getting rid of this issue?
Thanks.
IBM asp.net
Re: IBM App Scan - Session Not Invalidated After Logout
Oct 05, 2015 01:27 PM | Rion Williams
I'm going to assume this is referring to some authentication tokens that are not being properly cleared out when your user is logging out. How are you currently handling the logout? You might want to explicitly invalidate any custom cookies / tokens that pertain to the application and make sure you are using methods like FormsAuthentication.SignOut() and Session.Abandon() to clear out any values when the user logs out.
IBM asp.net
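
A logout handler along the lines the reply describes, as an added example that is not code from either poster. The page name `Logout` and the custom cookie name `AppToken` are hypothetical, and `ASP.NET_SessionId` is the default session cookie name, which web.config may override.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for a Logout.aspx page (the name is an assumption).
public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Drop server-side session state so the old session ID maps to nothing.
        Session.Clear();
        Session.Abandon();

        // Expire the forms-authentication cookie in the browser.
        FormsAuthentication.SignOut();

        // Session.Abandon() leaves the session cookie in the browser, so the
        // same session ID would be reused after logout. Overwrite it.
        ExpireCookie("ASP.NET_SessionId"); // default name; check <sessionState cookieName>

        // Any application-specific token cookie ("AppToken" is a placeholder).
        ExpireCookie("AppToken");

        // Keep authenticated pages from being served out of the browser cache.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        Response.Redirect(FormsAuthentication.LoginUrl, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Sends an empty, already-expired cookie so the browser discards its copy.
    private void ExpireCookie(string name)
    {
        var cookie = new HttpCookie(name, string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true,
            Secure = Request.IsSecureConnection,
            Path = "/"
        };
        Response.Cookies.Add(cookie);
    }
}
```

`FormsAuthentication.SignOut()` only removes the cookie from the browser; the ticket itself is not tracked on the server and stays valid until its timeout, so a short forms `timeout` limits how long a captured ticket can be replayed.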