DezzireDesolator
New Member
Is there a good way to invalidate a Forms Authentication session from the server?I understand that the cookie has an embedded expiration, but I want to do an additional check on the server to verify that the user has not manually signed out. When a user manually signs out, I call \[code\]FormsAuthentication.SignOut()\[/code\] which expires the cookie. However, if I use a developer tool to set the cookie back to its original value, I am still logged in.One option I can think of would be to embed the "login id" into the \[code\]UserData\[/code\] portion of the ticket. By this, I mean that each login is recorded in a database and there is an id associated with it. When a user manually logs out, I could update the database record to show they have done so. This however, would require me querying the database each time a user was authenticated (not ideal). I could maintain a cache, but it seems like that would be a lot of work and I was hoping there was an easier way 
Thanks!
Thanks!