Last post Oct 05, 2015 01:27 PM by Rion Williams
Oct 05, 2015 01:09 PM|Himal_blur|LINK
After running IBM appScan we received an issue - "Session Not Invalidated After Logout". Any idea or suggestion on getting rid of this issue?
Oct 05, 2015 01:27 PM|Rion Williams|LINK
I'm going to assume this is referring to some authentication tokens that are not being properly cleared out when your user is logging out. How are you currently handling the logout? You might want to explicitly invalidate any custom cookies / tokens that
pertain to the application and make sure you are using methods like FormsAuthentication.SignOut() and Session.Abandon() to clear out any values when the user logs out.