Session, cookies and Security

I got a problem.

I have a web app, where I do the following:

1) Login

2) Later extract the cookie

3) Logout

4) Insert manually the cookie

and when I visit some page again, I'm logged. How can I fix it? I want the cookie expiration.

thanks for your response.


I suggest you use the built-in Forms Authentication mechanism.


What is in that cookie? Just a "loggedin = yes" value?

In that case you could change that to "loggedinsession = {current session ID}".

On logout, delete the cookie (set the value to empty, without expiry) and also .Abandon() the session (so a new request gets a new session ID).

The logged-in check then changes from "does the cookie exist" to "is the value the same as the current session ID".
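
The four steps from the question, run against the "cookie exists" check and the session-bound check described in the answer above. This is an added example, not code from the original posts: the `Server` class, the cookie names `session_id`, `loggedin` and `loggedinsession`, and the in-memory store are assumptions, and the model assumes the server never re-adopts an abandoned session ID sent back by a client.

```python
import hmac
import secrets


class Server:
    """In-memory stand-in for a web server's session handling (constructed model)."""

    def __init__(self):
        self.live = set()  # session IDs the server currently recognises

    def current_session(self, cookies):
        """Return the session ID for this request, issuing a new one if needed."""
        sid = cookies.get("session_id")
        if sid not in self.live:
            # Assumption: an abandoned or unknown ID is never re-adopted.
            sid = secrets.token_urlsafe(32)
            self.live.add(sid)
        return sid

    def login(self, cookies):
        sid = self.current_session(cookies)
        return {"session_id": sid, "loggedin": "yes", "loggedinsession": sid}

    def logout(self, cookies):
        self.live.discard(cookies.get("session_id"))  # the Abandon() step
        return {}  # the browser's cookies are cleared

    def weak_check(self, cookies):
        # "does the cookie exist": no server-side state is consulted
        return cookies.get("loggedin") == "yes"

    def bound_check(self, cookies):
        # "is the value the same as the current session ID"
        claimed = cookies.get("loggedinsession", "")
        return hmac.compare_digest(claimed, self.current_session(cookies))


def replay_after_logout():
    """Login, copy the cookies, logout, re-insert the copy; return the verdicts."""
    server = Server()
    cookies = server.login({})
    before = server.bound_check(cookies)   # normal request while logged in
    saved = dict(cookies)                  # step 2: extract the cookie
    server.logout(cookies)                 # step 3: logout
    # step 4: the saved cookies are inserted again and sent with a request
    return before, server.weak_check(saved), server.bound_check(saved)


if __name__ == "__main__":
    print(replay_after_logout())
```

The weak check still accepts the re-inserted cookie because nothing on the server changed at logout; the bound check rejects it because the session it names no longer exists.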
