0
aranhico created
Hello! In your demo "demo.aspnetzero.com/Account/Login" I log in and everything is OK, then I go to roles, etc. (I save everything in Fiddler). Now I log out, but if I go to the previous sessions saved by Fiddler and resend them, it's accepted, and that shouldn't happen (because I already logged out). Am I missing something? Thank you!
1 Answer(s)
-
0
Hi,
The session is actually stored in a cookie (no state is stored on the server). When you log out, the cookie is deleted. If Fiddler saves the cookie and sends it with the next request, the server will accept the request, since the cookie contains encrypted session information. This is not specific to AspNet Zero. I think it will be the same for any web application.
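The behaviour discussed in this thread, as an added example that is not part of the original posts and is not ASP.NET Zero code: a cookie that carries the whole session is still accepted after logout, and a server-side revocation check rejects it. Assumptions: an HMAC-signed cookie stands in for the encrypted one (the replay behaviour is the same), and all names (`issue_cookie`, `REVOKED`, `validate_with_revocation`, etc.) are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # constructed key for this demo
REVOKED = set()                        # server-side state: session ids ended by logout

def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_cookie(user: str, ttl: int = 3600) -> str:
    """Login: put the whole session into a signed cookie value."""
    body = json.dumps({"sid": secrets.token_hex(16), "user": user,
                       "exp": int(time.time()) + ttl}).encode()
    payload = base64.urlsafe_b64encode(body)
    return payload.decode() + "." + _sign(payload).decode()

def _parse(cookie: str):
    """Return the session dict if signature and expiry are valid, else None."""
    payload, _, sig = cookie.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload.encode())):
        return None
    try:
        session = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None
    return session if session["exp"] > time.time() else None

def validate_stateless(cookie: str):
    """Cookie-only check: nothing here can know that the user logged out."""
    session = _parse(cookie)
    return session["user"] if session else None

def logout(cookie: str) -> None:
    """Server-side part of logout: remember the session id as ended."""
    session = _parse(cookie)
    if session:
        REVOKED.add(session["sid"])

def validate_with_revocation(cookie: str):
    """Same check plus a lookup of the session id in the revocation set."""
    session = _parse(cookie)
    if session is None or session["sid"] in REVOKED:
        return None
    return session["user"]
```

A revocation entry only has to be kept until the cookie's own `exp` passes, so a short cookie lifetime keeps the set small and also narrows the window in which a saved copy is usable.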