Hi Team,
We are using SharePoint foundation 2010 and client is required complete sign out. Here we are using windows authentication and it’s a public facing site.
When a user logs out of the application, the corresponding session is not destroyed on the server. This allows a client-side session identifier to reactivate a session that the user intended to end.
Find the below steps for details.
1.Login to the application with empty tab
2.Logout from the application
3.Browse the site from the empty url
4.Using previous seesion without asking username and password.
for this i have tried with the custom signoutpage withe following code.Below code is written under page_load.
string[] cookies = Request.Cookies.AllKeys;
foreach (string cookiein cookies)
{
if (cookie.ToString().Contains("WSS_KeepSessionAuthenticated"))
{
Response.Cookies["WSS_KeepSessionAuthenticated"].Expires = DateTime.Now.AddDays(-1);
Response.Cookies[cookie].Expires =DateTime.Now.AddDays(-1);
break;
}
}
Session.Abandon();
Session.Clear();
Session.RemoveAll();
Session.Remove(Context.Session.SessionID);
But still we are facing the same issue.
If anybody have faced this issue/fixed appreciate your help.
Thanks,
Bala
Thanks, Balanarasimha Reddy