login forms "standard" way of doing things

Posted on 2011-10-23
Last Modified: 2012-05-12

I'm looking for the most secure way of protecting a "login" section of a website.

Basically I use forms authentication but it doesn't seem to be secure enough.

In IE9 etc people seem to be able to get back in after logging out.

Whats the safest way to protect these areas?

Question by:scm0sml
    LVL 29

    Accepted Solution


    Implement Forms Authentication with Login page is the Best soln

    Bellow url give some sample
    LVL 28

    Expert Comment

    I think you can fix this by adding these entries on your logout.aspx code behind in pageLoad event:

    If Session.Count > 0 Then 'Clear sessions
        Session["username"] =""
      End If

    You don't have to use the IF statement if you don't want to.
    LVL 10

    Expert Comment

    In addition to the above,  I have added a linkbutton in the bottom of the page where you would also see "Terms of Use", "Privacy Policy","Logout"...then on button link event in code behind wipe out all the session

    Public sub linkbutton1_OnClick(object as sender, eventargs as E) handles
    Session("Username") = ""
    Session("Password" = ""
    Session("ShoppingCart") = ""

    end sub

    now the user cant get back in bc all session is hardcoded to nothing with no data retained.

    Author Comment

    OK thanks will give this a whirl and get back to you.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    AJAX ModalPopupExtender has a required property "TargetControlID" which may seem to be very confusing to new users. It means the server control that will be extended by the ModalPopup, for instance, if when you click a button, a ModalPopup displays,…
    Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video discusses moving either the default database or any database to a new volume.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now