bug ?? Relogin with different user, can see the last access page of the previous user logout using LoginStatus ??

Hi,

I still don't understand why, when a user clicks Logout on the LoginStatus link, it does not clean up his last accessed page. When another user (with a different role, too) logs in using the same IE window, he gets redirected to the previous user's last accessed page. This surprised me, and it looks like a security flaw.

And thus I have to manually add code to run FormsAuthentication.SignOut, as one usually does in ASP.NET 1.1!

Why does LoginStatus not clean up the last user's session? Furthermore, is there any method in LoginStatus that can programmatically sign out, as FormsAuthentication.SignOut does in ASP.NET 1.1?

0
whkwan
1/11/2006 2:30:15 AM
asp.net.security

Yeah, I found the problem. I need to set the LogoutAction="RedirectToLoginPage" attribute.

BTW, does anyone know how to programmatically call a method to sign out in ASP.NET 2.0? Or do I still have to use FormsAuthentication.SignOut() as in ASP.NET 1.1?

0
whkwan
1/11/2006 3:26:38 AM

Hi everyone,

I thought I had solved the problem, as I replied to myself in the last message.

However, recently I discovered that sometimes the problem reappears! It seems like an intermediate problem and I don't know how to trace it... is it a bug?

Any help?

0
whkwan
1/19/2006 4:22:36 AM
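Added example, not part of the original thread: one way to sign out programmatically in ASP.NET 2.0 and clear per-user state when the LoginStatus Logout link is clicked. `FormsAuthentication.SignOut()` is still available in 2.0. The page class name, control IDs and handler names are hypothetical, and the session cookie name is the framework default.

```csharp
// Code-behind for a page that hosts (IDs and handler names are hypothetical):
//   <asp:LoginStatus ID="LoginStatus1" runat="server"
//        LogoutAction="RedirectToLoginPage"
//        OnLoggingOut="LoginStatus1_LoggingOut" />
//   <asp:Button ID="SignOutButton" runat="server" Text="Sign out"
//        OnClick="SignOutButton_Click" />
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;

public partial class SecurePage : System.Web.UI.Page
{
    // Raised by LoginStatus before it signs the user out; clear session state here
    // so nothing stored for this user is left for the next login in the same browser.
    protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
    {
        EndUserSession();
    }

    // Programmatic sign-out without LoginStatus.
    protected void SignOutButton_Click(object sender, EventArgs e)
    {
        EndUserSession();
        FormsAuthentication.SignOut();   // removes the forms-authentication ticket
        // Redirect to the bare login URL, with no ReturnUrl query string
        // pointing at the page the previous user was on.
        Response.Redirect(FormsAuthentication.LoginUrl, true);
    }

    private void EndUserSession()
    {
        Session.Clear();
        Session.Abandon();
        // Expire the session cookie so the next user gets a new session ID.
        // "ASP.NET_SessionId" is the default name; adjust if sessionState
        // cookieName is changed in web.config.
        HttpCookie sessionCookie = new HttpCookie("ASP.NET_SessionId", String.Empty);
        sessionCookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(sessionCookie);
    }
}
```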