Below is a very abbreviated version of the code I am using to
require NT Authentication on every request for an application. The
authentication works great, however I can't figure out how to
expire the session when the user clicks "log out." Assume that the
"log out" button merely makes a request to "?logout=true." When
this happens, the logout success message is shown, fine and dandy.
But then if the user clicks the Back button, he will see the
previous page without having to re-authenticate. If that page is
reloaded, the authentication screen will then be shown. So I'm
assuming any other type of interaction with the server at that
point would also force authentication.
But what I want is to force the user back to the login screen
after they What I am doing wrong? Or is there no way to get around
this and I have to require the user to close the page after they
logout? Let me know if you have more questions or if I obscured
anything crucial in my code.