Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

Not Logging Off
3/20/2017 2:11 AM
 

I've had a penetration test reveal something that is a bit of a concern. I'm able to record requests to my DNN application with Fiddler, something simple like changing the logged-in user's middle name, then log out and replay that request having modified the middle name field to 'I'm logged out', and the request is processed as if the user was still logged in. Read, logging out is 'not' logging out.

 

Has anyone experienced this issue?

 

I'm sure I've fixed this in the past by way of calling Session.Abandon(); and redirecting back to the landing page but this isn't working anymore.
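
A minimal model of the behaviour described in the post, added here as an example and not part of the original post or of DNN's code. It assumes the authentication cookie is a self-contained signed ticket that the server validates without tracking, and contrasts a logout that only clears the browser's cookie with one that also records the ticket as revoked; all names (`issue_ticket`, `REVOKED`, `handle_request` and so on) are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

KEY = secrets.token_bytes(32)  # constructed server-side signing key
REVOKED = set()                # hypothetical server-side list of revoked ticket ids

def _mac(body):
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_ticket(user, ttl=1800):
    """Cookie value 'user|ticket_id|expiry|mac', as set at login."""
    body = f"{user}|{secrets.token_hex(8)}|{int(time.time()) + ttl}"
    return f"{body}|{_mac(body)}"

def parse_ticket(ticket):
    """Return (user, ticket_id) if the MAC and expiry check out, else None."""
    try:
        body, mac = ticket.rsplit("|", 1)
        user, ticket_id, expiry = body.split("|")
        expired = time.time() > int(expiry)
    except ValueError:
        return None
    if expired or not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None
    return user, ticket_id

def logout_client_only(ticket):
    """Weak logout: only the browser's copy is cleared; the server keeps no record."""

def logout_with_revocation(ticket):
    """Hardened logout: the server also remembers that this ticket is dead."""
    parsed = parse_ticket(ticket)
    if parsed:
        REVOKED.add(parsed[1])

def handle_request(ticket, check_revocation):
    """Return the authenticated user name, or None if the request is rejected."""
    parsed = parse_ticket(ticket)
    if parsed is None or (check_revocation and parsed[1] in REVOKED):
        return None
    return parsed[0]

def replay_after_logout(logout, check_revocation):
    """Replay a ticket captured before logout, as the Fiddler test in the post does."""
    captured = issue_ticket("alice")  # constructed sample user
    logout(captured)
    return handle_request(captured, check_revocation)
```

In this model the replay succeeds after `logout_client_only` because the ticket is still cryptographically valid until it expires, and fails only when the server checks its own revocation record.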

 