Hi,
I have a web application using identity 2.
I logged in to my systen and did one form post action and captured that action with fiddler.
Then I logged out from the system which uses AuthenticationManager.SignOut().
Then I use fiddler to post the captured one and it still went through.
Is it intended or bug?
I thought the cookie/session or whatever is destroyed after you sign out? (AuthenticationManager.SignOut ())
How can I prevent that?
Another problem is regarding AntiForgeryToken.
What is the life span on the token. I tried to use very old (at least one week) token value and the process still went through.
I thought those tokens are per session based?
Thanks in advanced and sorry for my bad english.
I have a web application using identity 2.
I logged in to my systen and did one form post action and captured that action with fiddler.
Then I logged out from the system which uses AuthenticationManager.SignOut().
Then I use fiddler to post the captured one and it still went through.
Is it intended or bug?
I thought the cookie/session or whatever is destroyed after you sign out? (AuthenticationManager.SignOut ())
How can I prevent that?
Another problem is regarding AntiForgeryToken.
What is the life span on the token. I tried to use very old (at least one week) token value and the process still went through.
I thought those tokens are per session based?
Thanks in advanced and sorry for my bad english.