Forms based authentication - Cookie doesn't expire on Sign Out


  • Hi,

     We had security testing done on some of our SharePoint sites. The tester ran some security tools on Firefox and could find the authentication cookie in the URL. Even after a user signs out, we are able to get into the portal with the authentication URL that contains the cookie.

    We found a solution on MSDN

    but it is totally unreasonable to have every user's state stored in persistent storage and update a flag every time the user signs out.

    Can anyone help with how we can expire a forms based authentication cookie?




    Monday, February 27, 2012 6:24 PM

All replies