Ending Server Session with Silverlight RIA application

  • Question

  • We had a penetration test done on a Silverlight application. We are using the membership provider (aspnet_users) to handle user login and logout. Once logged out, but leaving the browser open, further requests to the service with the cookie were still possible:

    Upon user logoff, the session should be terminated on the server side and access should be denied for all further requests with the cookie. 

    The suggestion was to close the server session, such as in an ASP.NET app, where you would call HttpContext.Session.Abandon. I cannot see how to do that from the client (Silverlight) side.

    Any suggestions?


    • Edited by Tom Hope Monday, October 2, 2017 6:30 PM
    Monday, October 2, 2017 6:30 PM
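
The finding described in the question, modelled as an added example (not part of the original post, and not ASP.NET or RIA Services code): a service that only tells the browser to drop a signed ticket cookie still accepts that cookie until it expires, while one that also records and revokes the ticket on the server denies it. The `AuthService` class, the cookie layout, the 30-minute lifetime and the user name are assumptions made for the model.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # constructed signing key for the model
TICKET_LIFETIME = 30 * 60              # assumed 30-minute ticket lifetime

class AuthService:
    def __init__(self, revoke_on_logout):
        self.revoke_on_logout = revoke_on_logout
        self.active = set()            # server-side record of live ticket ids

    def _sign(self, body):
        return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

    def login(self, user, now=None):
        now = time.time() if now is None else now
        ticket_id = secrets.token_hex(16)
        body = f"{user}|{ticket_id}|{int(now) + TICKET_LIFETIME}"
        self.active.add(ticket_id)
        return f"{body}|{self._sign(body)}"   # value the browser keeps as the cookie

    def logout(self, cookie):
        # The browser drops its cookie either way; only the hardened service revokes.
        if self.revoke_on_logout:
            self.active.discard(cookie.split("|")[1])

    def authorize(self, cookie, now=None):
        now = time.time() if now is None else now
        try:
            user, ticket_id, expires, sig = cookie.split("|")
            expiry = int(expires)
        except ValueError:
            return None                        # malformed cookie
        body = f"{user}|{ticket_id}|{expires}"
        if not hmac.compare_digest(sig, self._sign(body)):
            return None                        # tampered or forged
        if now >= expiry:
            return None                        # expired
        if self.revoke_on_logout and ticket_id not in self.active:
            return None                        # logged out: reuse of the cookie is denied
        return user

def replay_after_logout(service):
    # Regression check: who does the service see when a cookie is reused after logoff?
    cookie = service.login("alice")            # constructed user name
    service.logout(cookie)
    return service.authorize(cookie)
```

The same check makes a useful regression test against the real service: log in, keep the cookie, log off, resend the request and expect it to be rejected.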

All replies