Forms authentication, Cookies, Timeouts, SSL Cert.

Asked By TK Neva

04-Nov-09 02:39 PM

Earn up to 0 extra points for answering this tough question.

Hello all,

I have an aspx web site written in VB.NET. I use forms authentication with cookies and some SHA1 hashes to the passwords, and timeouts set to 10 minutes. It all works fine, but I want the page to delete the cookie if the user ever browses to another web site off of the domain. For instance: I am at www.mypage.host.com and I go to www.google.com then hit back, I want the page to ask for login credentials again and not actually let the user back in.

Is there a setting in the web.config file that can handle this. The site is still in development, but it will eventually have an SSL Certificate used with it. I know very little about these certificates, but will the SSL cert handle this issue I have?

Thanks for the help.

Forms authentication, Cookies, Timeouts, SSL Cert.

mv ark replied to TK Neva

30-Nov-09 09:46 PM

If you are using a Master page, put this in the Page_Init of that :

Response.Cache.SetNoServerCaching();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Response.Cache.SetExpires(new DateTime(1900, 01, 01, 00, 00, 00, 00));

Some web browsers should cache content over HTTPS, according to this
link -
http://stackoverflow.com/questions/174348/will-web-browsers-cache-content-over-https