login forms "standard" way of doing things

Hi,

I'm looking for the most secure way of protecting a "login" section of a website.

Basically I use forms authentication but it doesn't seem to be secure enough.

In IE9 etc people seem to be able to get back in after logging out.

Whats the safest way to protect these areas?

Thanks
scm0smlAsked:
Who is Participating?
 
Kumaraswamy RCommented:
HI

Implement Forms Authentication with Login page is the Best soln

Bellow url give some sample
http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx
0
 
sammySeltzerCommented:
I think you can fix this by adding these entries on your logout.aspx code behind in pageLoad event:

If Session.Count > 0 Then 'Clear sessions
    Session["username"] =""
     Session.RemoveAll()
  End If

You don't have to use the IF statement if you don't want to.
0
 
GlobaLevelProgrammerCommented:
In addition to the above,  I have added a linkbutton in the bottom of the page where you would also see "Terms of Use", "Privacy Policy","Logout"...then on button link event in code behind wipe out all the session

Public sub linkbutton1_OnClick(object as sender, eventargs as E) handles linkbutton1.click
Session("Username") = ""
Session("Password" = ""
Session("ShoppingCart") = ""

end sub


now the user cant get back in bc all session is hardcoded to nothing with no data retained.
0
 
scm0smlAuthor Commented:
OK thanks will give this a whirl and get back to you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.