I have a WCF method, called from a Silverlight application that makes a call to FormAuthentication.Signout(). I can watch this function being called in the debugger (and in Fiddler), but the AUTHCOOKIE is never cleared. I can still see it in Fiddler. I have added No-Cache attributes to my login page and my page hosting the silverlight application. I know that my forms authentication is set up correctly because if I exit out of IE, then go back in, I get the expected behavior (redirected to login page when attempting to access directories secured by Form Authentication). This happens because I have set the cookie to Not Persist and it is cleared when I exit the browser. As soon as I log in though and get the Auth Cookie, I can't ever seem to get logged out.
Here is some more info on my scenario. I have a ASP.NET 4.0 Web application that is hosting a Silverlight app. If the user is idle for 20 minutes, I want to log them out. When the 20 minutes are up, I make a call to my WCF method mentioned above (FormsAuthentication.Signout()) to clear their Auth cookie. What I am finding is that if I "refresh" the page they are on, I can go to any page that requires authorization. They never seem to actually be "signed out".
I've added all this code to both my login page and page host
View Complete Post