1

I capture a Get request to an .aspx file with the help of Burp Suit, When I log out of my application by using FormsAuthentication.SignOut();, If I repeat the previous authenticated GET request it successfully gets the content of page, How can I prevent this from happening?

Camilo Terevinto
  • 31,141
  • 6
  • 88
  • 120
Rathma
  • 1,196
  • 2
  • 33
  • 65
  • how to check if request is authenticated? – Rathma Oct 22 '18 at 12:52
  • You must have the Authentification somewhere.. session? Something must be stored to know when an user is auth and whatis his identity, right ? – Drag and Drop Oct 22 '18 at 12:53
  • `FormsAuthentication.SetAuthCookie` doest the job of authentication – Rathma Oct 22 '18 at 12:54
  • https://stackoverflow.com/questions/412300/formsauthentication-signout-does-not-log-the-user-out , Here I was looking for cookie cleanning. Sorry for the missleading first comment I missed the `FormsAuthentication` part an throught of a classic session auth. – Drag and Drop Oct 22 '18 at 12:56

0 Answers0