logout not abandoning session

janetb99

I've got a custom asp.net 2 login authentication creating a generic principal object and working great except that I can't get the logout to truly abandon/clear. For most of the site, I'm using one master page, but for the secure area, I'm using another master page. The secure master page uses menus, with the logout being a menu item redirect to another page (login.aspx?id=logout) with request parameters to fire. When I click logout, it does indeed take me back to the login page. But, if I manually type in the page where I've just been, it lets me through without a login. I've tried researching the problem and implementing suggestions to others, but nothing has worked. Any help GREATLY appreciated. webConfig: global.asax Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) If HttpContext.Current.User IsNot Nothing Then If HttpContext.Current.User.Identity.IsAuthenticated Then If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then ' Get Forms Identity From Current User Dim id As FormsIdentity = DirectCast(HttpContext.Current.User.Identity, FormsIdentity) ' Get Forms Ticket From Identity object Dim ticket As FormsAuthenticationTicket = id.Ticket ' userdata string was retrieved from stored user-data Dim userData As String = ticket.UserData Dim roles As String() = userData.Split(","c) ' Create a new Generic Principal Instance and assign to Current User System.Web.HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, roles) End If End If Else System.Web.HttpContext.Current.User = Nothing End If End Sub login.aspx Function myAuth(ByVal mySql As String) As Boolean 'Response.Write(mySql) FormsAuthentication.Initialize() ' Initialize FormsAuthentication ' Create connection and command objects , contactRole Dim strConn As String = Con