Forms authentication - clean cookie when close browser

[SushiSean]

Hello. I use forms authentication and it's work except one thing.
I want push users make relogin (insert login and pass) when they
close browser.

I have those settings in Web.config :

<authentication mode="Forms">
<forms loginUrl="login.aspx" cookieless="UseCookies"
name="LoginUserCookie" slidingExpiration="true"
enableCrossAppRedirects="true" requireSSL="false" timeout="1"
protection="None" defaultUrl="simple.aspx">
<credentials passwordFormat="Clear">
<user name="test1" password="test2" />
<user name="root" password="admin" />
</credentials>
</forms>

</authentication>

<authorization >
<deny users="?" />
</authorization>


It works like this:
1. Open site and login
2. redirect defaultUrl
3 close browser
4. open browser and get defaultUrl (not login page!!)

The question is why it doesn't ask reinsert login if somebody close browser
and how to do this work?

 

[Dominick Baier]

How do you set the ticket?

using FormsAuthentication.RedirectFromLoginPage or SetAuthCookie -

they both have a boolean paramter - usePersistentCookie (or similar) - if
set to true - the cookie will be saved on the user's harddrive and re-used.

Oh an btw - don't set protection="None" !!! This is very dangerous - leave
it to the default value (which is 'all')

Also disable 'enableCrossAppRedirects' if you don't need it (and you will
only need that in special cases with cookieless auth).