Mumbo-jumbo it is, at least for me! I wouldn't worry about the logout button either - you are right, 99.99% of the time I just close the browser too. BUT... it is a requirement for the assignment for my .NET course. We din't get any of this info in class (it's a part time course for which I volunteered - bad idea, I see now - we have 3 hours of class every Saturday for 12 weeks). We are expected to builda working assembly, zip it and e-mail it, and if it doesn't work you don't get any mark!
I don't know were the error occurs, here is the stack trace:
[HttpException (0x80004005): The viewstate is invalid for this page and might be corrupted.]
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +150
System.Web.UI.Page.LoadPageViewState() +18
System.Web.UI.Page.ProcessRequestMain() +423
The thing is, I deleted all cookies I had found undes docs&settings and still looks like I am logged on when I start the app, so I don't get the login form anymore :((
Thanks for your patience!

PS Writing an UT article sound like a very good idea, maybe more than one (one for each authentication type?) so that it does not get too long and too complex. I'm sure there are a lot of lost souls like myself that can benefit from it.


>I recognize the reference to Persist.Checked in your code. That sample is linked all over the internet. Unfortunately, it has some errors and needs to be trimmed up to work correctly.
>
>However, you are correct in surmising that the True parameter in the RedirectFromLoginPage is causing you to stay logged in all the time. The True parameter creates a persistent cookie (as opposed to a cookie that is deleted when the browser session is ended). If your development machine is also your web server, the cookie is located in the C:\Documents and Settings\*username*\Cookies folder named *username*@localhost[1].txt. You will have to delete this file to continue to test your login.aspx form.
>
>Concerning the viewstate error, is this occuring on the postback for your Logout button, or when the default.aspx page is being initialized? I have a UserControl with a logout link also, and I haven't experienced that problem.
>
>Don't get too crazy with the Logout button. 99 times out of 100 the user will simply close the browser window rather than logging out. Actually, looking at my code, I don't call SignOut in the UserControl. I redirect to the Login page and do the SignOut before logging in again in the click event of the Login button.
>
>There really isn't any benefit to calling the SignOut method unless you have some of your own events hooked into it. All it does is delete the FormsAuthenticationTicket from the cookie - and the cookie from your hard drive if the cookie is empty.
>
>--------------------------
>
>Recalling my own experience in figuring out how all this mumbo-jumbo is supposed to work, I was seriously confused about the relationship between the FormsAuthenticationTicket and the browser cookie. Especially so because the ticket has an expiration and the cookie has a separate expiration.
>
>The cookie is a text file that contains one or more "key-value" pairs, which are also called "name-value" pairs sometimes. These key-value pairs are what you use in the SortedList, QueryString, Session and ViewState classes, among others. One of the key-value pairs in the cookie is the FormsAuthenticationTicket.
>
>The key of the Ticket is the name attribute of the forms element in your web.config ("formsauth"). This is how ASP.NET retrieves the Ticket every time the user requests a page. You don't have to use the key anywhere else in your code because it is in your web.config, which gets read by ASP.NET on each request too.
>
>The value of the Ticket is the data that you pass to the Authenticate method. There is more than the Username and Password in the ticket; The Authenticate method plugs in default values for the rest of the data. Specifically, the expiration of the ticket (not the cookie) is one of the default values that the Authenticate method uses. If you are interested in the other data, check out the Contructor for the FormsAuthenticationTicket class in the help file.
>
>---------------------
>
>Well, I could go on for days about this stuff, but I've run out of time tonight. I've considered writing an article for the UT concerning forms authentication, maybe I will get some motivation and do it soon.
>
>This is only the top-most layer of forms authentication, and it isn't particularly secure unless a lot more work goes into it. Forms Authentication is a bear to understand, so don't be discouraged. Just keep plugging away at it and you will reach the summit of Mount Microsoft soon enough :)
>