asp.net authentication

[Jorge]

I have a login page. When the user logs in, I insert 1 frame into the
page and on that frame I navigate through the application, this is so
the URL doesn't display on the address bar. For some reason, when I
log out of the application back to the login page, if I hit refresh,
it will automatically log me back in. I had already done the
FormsAuthentication.SignOut() on the logout page. In contrast, when I
don't use the frames, this doesn't happen. Anybody has any ideas out
there?

Thanks

Jorge

 

[Steve C. Orr [MVP, MCSD]]

My suggestion is: don't use frames. They are a pain in many ways.
There are other ways to hide the address bar.
Use the javascript window.open method to open a window with no address bar
like this:
window.open('WebForm2.aspx','_new','location=no,menubar=no');
Here's more information:
http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_0.asp

Or you can use Server.Transfer to move between pages which will mask the
real URL.

 

[Jim Cheshire [MSFT]]

Jorge,

What happens if you add code so that when you click Logout, it loads a new
page in _top and then logs the user out? IE is likely keeping the session
alive in the other frame.

Jim Cheshire [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------

 

[Jorge Garcia]

Thanks a lot Steve.

I'm currently testing the Server.Transfer idea. I don't know why I
didn't think about that one before!? Probably because in the old ASP,
for some reason you had to clean the cache or do soemthing extra before
displaying any page after doing the Server.Transfer, i.e.: if you had a
menu in your app, it would display twice after doing a Server.Transfer
on some pages. But that's not happening so far in asp .net.
The change to Server.Transfer is going good in the app at the moment,
let's see.

Thanks again.