Sanuja Ariyapperuma

Reputation: 466

Session persists for a few minutes after logout in ASP.NET

I have an ASP.NET 4.8 MVC application. I am using forms authentication. Recently I discovered that pages remain accessible for a period of time (0-5 min) even after logging out.

This is only happening when using the BurpSuite tool with the help of Repeater. This is happening only for a time period of not more than 5 minutes. From the browser, it is 100% impossible to access pages after logout. I am confused about how only the BurpSuite Repeater can access protected pages even after logging out.

I do not use any server caching.

public ActionResult Logout()
{
    FormsAuthentication.SignOut();
    // Abandon the session
    Session.Abandon();

    // Clear session state
    Session.Clear();
    Session.RemoveAll();
    return RedirectToAction("Login", "Account");
}

Upvotes: 0

Views: 29
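
Added example, not part of the original post: it assumes the request replayed from Repeater carries a forms-authentication cookie captured before logout that has not yet expired (`FormsAuthentication.SignOut` only removes the cookie from the browser; it does not invalidate the ticket on the server). One way to reject such a request is a server-side revocation list; `RevokedTickets` and its members are hypothetical names, and the in-memory store assumes a single server process.

```csharp
using System;
using System.Runtime.Caching;            // add a reference to System.Runtime.Caching
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper: remembers signed-out tickets until they would have expired anyway.
public static class RevokedTickets
{
    private static readonly MemoryCache Store = new MemoryCache("RevokedTickets");

    // Key on a hash of the cookie value so the ticket itself is not kept in memory.
    private static string Key(string cookieValue)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(cookieValue)));
    }

    // Call from Logout() BEFORE FormsAuthentication.SignOut():
    //   RevokedTickets.Revoke(Request.Cookies[FormsAuthentication.FormsCookieName]);
    public static void Revoke(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return; }        // malformed cookie: nothing to revoke
        catch (CryptographicException) { return; }   // failed validation: never accepted anyway
        if (ticket == null || ticket.Expired) return;
        // Keep the entry only for as long as the ticket could still be replayed.
        Store.Set(Key(cookie.Value), true, new DateTimeOffset(ticket.Expiration));
    }

    public static bool IsRevoked(HttpCookie cookie)
    {
        return cookie != null && !string.IsNullOrEmpty(cookie.Value)
            && Store.Contains(Key(cookie.Value));
    }

    // Call from Application_PostAuthenticateRequest in Global.asax.cs:
    //   RevokedTickets.Enforce(Context);
    public static void Enforce(HttpContext context)
    {
        // Downgrade to an anonymous principal so [Authorize] sends the request to the login page.
        if (IsRevoked(context.Request.Cookies[FormsAuthentication.FormsCookieName]))
            context.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
    }
}
```

The list only covers the exact cookie value presented at logout; a cookie value issued earlier in the same login (for example before a sliding-expiration renewal) is a different value and is not revoked by it.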

Answers (0)
