What keeps users logged in after clearing cookies in IE?

Question

What keeps users logged in after clearing cookies in IE?

I had a problem when even after deleting the cookies of the users, they were still logged into my MVC MVC website (IIS 6). HOWEVER, this only happens on the machine of my clients, my IE 8 on Win7 does not have this problem, and the usual logout method works fine. It seems they need to close the browser before it frees them from accessing the site after pressing the exit button (they also use IE 8). Any idea what a deal is? Note. It works fine in Firefox for the client.

The exit process is as follows:

delete user web applications "remember my login".
redirect to the federation server, which removes them from ADFS and removes the FS cookies.
they stop on the Logout page on the federation server.

... but when they look at the application again, they are immediately empty!

+4

cookies internet-explorer-8 asp.net-mvc adfs

Bigomega Aug 10 '10 at 13:36

source share

1 answer

Borealid · Accepted Answer · 2010-08-12T14:35:19+0000

If your cookies are deleted, there are five things that can cause this (in decreasing order of probability):

The user authenticated with HTTP Basic at some point. If this happens, the browser caches the auth credentials, and the only way to exit it is to close the browser.
There is an LSO (Flash object) that maintains session state or re-creates cookies.
You are checking something based on the user's IP address.
The page is cached and the user is not actually logged in.
The client performs SPNEGO authentication using its local user credentials, so they are actually registered on your site every time they visit it. You simply did not notice, because SPNEGO does not require user intervention.

These are the only reasons I can come up with for this.

What keeps users logged in after clearing cookies in IE?

More articles: