This project has moved and is read-only. For the latest updates, please go here.

ASP.Net Identity - Invalidate Old Session Cookie

Jun 22, 2016 at 5:13 PM
The cookie called AspNet.ApplicationCookie is generated by OWIN after successful login. I cloned the request with cookies after login using Fiddler or other tool, then I signed out from application. I was able to access the application using cloned request without entering user name and password. It seems old session cookie can be used to authenticate a user with unlimited time .

How can we invalidate the Authentication cookie after signout?
Jun 24, 2016 at 8:42 PM
How is this different from your last post?