[subhramani]

Hi all,

Question: Where are the cookies saved for a website made with ASP that uses AD authentication and if the website will have any control over deleting the cookies to close the session?

Reason for the question and the actual issue: I support Windows servers and there is an application team who have made a website with ASP that uses AD authentication for users. Problem now is that the users select "Remember Password" when they are not supposed to. The website does not have a 'Sign Out' option but just a javascript to close the browser instead when clicked on 'Close'. I have been suggested to remove the option for users to 'Remember Password' from the registry instead of they adding an option to sign out that deletes the cookies. They say that Windows Authentication does not give the website builder any control over the cookies and is taken care of by IIS.

Is this true? I thought what they said was wrong and they should have all the control over the cookies and delete them to close a session.

Need some help here please