The web application I am working on does not destroy sessions properly, which means it is very prone to hijacks. I can log off, enter in the cookies .EpiserverLogin and .ASPXRoles and I'm inside the application again. I am wondering if there is something unique with EPiServer in how we must destroy our sessions. My current code for destroying sessions is as follows:
protected void MasterLoginStatus_LoggingOut(object sender, LoginCancelEventArgs e)
Any help would be greatly appreciated!
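
The behaviour described in the post, where cookies saved before logout are accepted again afterwards, is what happens when logout only clears the cookies in the browser and the server keeps no record that the ticket was revoked. The following is an added example, not the poster's code and not EPiServer's own API: it assumes standard ASP.NET forms authentication with the role manager enabled (so that .EpiserverLogin is the configured forms cookie and .ASPXRoles the cached-roles cookie), and `TicketRevocation`, its methods and the cache key scheme are hypothetical names.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Caching;
using System.Web.Security;

// Hypothetical helper (not from the post): server-side revocation of forms tickets.
public static class TicketRevocation
{
    private static string Key(string user) { return "revoked:" + user.ToLowerInvariant(); }

    // Call from MasterLoginStatus_LoggingOut with HttpContext.Current.
    public static void OnLoggingOut(HttpContext ctx)
    {
        if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
        {
            // Every ticket issued to this user up to now is void from here on
            // (this also ends the user's sessions in other browsers).
            // The entry only has to outlive the longest-lived ticket already issued.
            HttpRuntime.Cache.Insert(Key(ctx.User.Identity.Name), DateTime.UtcNow, null,
                DateTime.UtcNow.Add(FormsAuthentication.Timeout), Cache.NoSlidingExpiration,
                CacheItemPriority.NotRemovable, null);
        }
        if (ctx.Session != null) ctx.Session.Abandon(); // drop server-side session state
        FormsAuthentication.SignOut();                   // expire the auth cookie in the browser
        Roles.DeleteCookie();                            // expire the cached-roles cookie
    }

    // Call from Application_PostAuthenticateRequest in Global.asax.
    public static void RejectRevoked(HttpContext ctx)
    {
        if (ctx.User == null) return;
        FormsIdentity id = ctx.User.Identity as FormsIdentity;
        if (id == null) return;
        object revokedAt = HttpRuntime.Cache[Key(id.Name)];
        if (revokedAt != null && id.Ticket.IssueDate.ToUniversalTime() <= (DateTime)revokedAt)
        {
            // A cookie issued before logout was replayed: continue as anonymous.
            ctx.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
            FormsAuthentication.SignOut();
            Roles.DeleteCookie();
        }
    }
}
```

`HttpRuntime.Cache` lives in one worker process, so revocations are lost on an application pool recycle and are not shared across a web farm; a shared store such as a database table is needed there.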