I'm pretty new developing .Net applications. I would like your advice on the authentication matter. We still don't know what practice is better for managing sessions.
Currently, we have developed webForms that validate using 'sessions ' on every page.
Second, we have developed pages that use 'Cookies'
Third and Final, we have added an "authentication mode = "forms" in the web.config file.
All of them programatically defined to last 60 minutes.
Finally, after a user clicks the signout button, the user can still get connected :(