Security issue with cookies

[indydavid32]

I have a log off button on my web form which sets the login id, priveledge, etc. to nothing. Like this.

VB Code:

Response.Cookies("LoginName").Value = Nothing
Response.Cookies("LoginName").Expires.AddMilliseconds(1)
Response.Cookies("Priveledge").Value = Nothing
Response.Cookies("Priveledge").Expires.AddMilliseconds(1)
Response.Redirect("Login.aspx")

In my page load event on the form, I have it running this code first.

VB Code:

Dim strPriveledge as String
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
 
If (Request.Cookies("Priveledge") Is Nothing) Then
        Response.Redirect("Login.aspx")
   Else
       strPriveledge = Request.Cookies("Priveledge").Value
   End If
   If strPriveledge = "" Or strPriveledge = Nothing Then
       Response.Redirect("Login.aspx")
   Else
       strPriveledge = Request.Cookies("Priveledge").Value
End If
 
End Sub

If the user has no valid cookies, I do not want this page to load, I want them to be re-directed to the Login screen.

All this works great in the debug stage. The problem is after I pulish it and I use it from somewhere else.

After I log off and then click the favorite button, the page actually displays the page with the data in it allthough I have destroyed the cookies.

Anyone have any ideas on what could be causing this?

I have even verified that the cookie is wiped out.

Thanks

[hellswraith]

Look at this link:
http://www.vbforums.com/showthread.p...hreadid=245643

This shows authentication in asp.net apps and how to incorporate it.

[indydavid32]

Now that I've done some more testing, I think my web app is loading the latest web page that the user loaded.

When the user hits the logout button, could I remove the temporary file that is saved to it's hard drive if there are any there for this particular page?

If so, how?

Thanks