I'm using form authentication and used session.invalidate(). This works
great but the browser may be cacheing your logoff page, in which case you
may get some unexpected results if you logoff and back in more than once.
You need to disable the page cacheing. I used the following in the head
section of my page.
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
Hopefully this little tidbit will help someone else avoid a few hours of debugging
that I went through. :o)
Dave
