diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs
index 7993bf01..7b631604 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs
@@ -217,6 +217,23 @@ namespace WebsitePanel.Portal
 public static void UserSignOut()
 {
 FormsAuthentication.SignOut();
+
+ if (HttpContext.Current.Session != null)
+ {
+ HttpContext.Current.Session.Clear();
+ HttpContext.Current.Session.Abandon();
+ }
+
+ // Clear authentication cookie
+ HttpCookie rFormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "");
+ rFormsCookie.Expires = DateTime.Now.AddYears(-1);
+ HttpContext.Current.Response.Cookies.Add(rFormsCookie);
+
+ // Clear session cookie
+ HttpCookie rSessionCookie = new HttpCookie("ASP.NET_SessionId", "");
+ rSessionCookie.Expires = DateTime.Now.AddYears(-1);
+ HttpContext.Current.Response.Cookies.Add(rSessionCookie);
+
 HttpContext.Current.Response.Redirect(LoginRedirectUrl);
 }
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs
index 5c3087e8..37bde9ba 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs
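Review bot: The two expiring cookies in `UserSignOut()` are built with the default path and no domain, so the browser only drops the real cookies if they were issued with those same attributes; set `rFormsCookie.Path = FormsAuthentication.FormsCookiePath;` (and `rFormsCookie.Domain = FormsAuthentication.CookieDomain;` when one is configured) and mark both cookies `HttpOnly = true`. The session cookie name is hard-coded as `"ASP.NET_SessionId"`, which stops matching if the `sessionState` cookie name is changed in configuration. `HttpContext.Current.Session` is normally still null early in the request pipeline, so when this method is called from SecureSessionModule the `Clear()`/`Abandon()` pair is probably skipped and only the cookies are expired; a comment saying so would help the next reader. Expiring the cookie is a client-side instruction only: the forms ticket itself stays valid until its own expiry.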
@@ -64,15 +64,17 @@ namespace WebsitePanel.WebPortal
 // Look for an incoming cookie named "ASP.NET_SessionID"
 HttpRequest request = ((HttpApplication)sender).Request;
 HttpCookie cookie = GetCookie(request, "ASP.NET_SessionId");
+ HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];
 if (cookie != null)
 {
 // Throw an exception if the cookie lacks a MAC
 if (cookie.Value.Length <= 24)
 {
- FormsAuthentication.SignOut();
- HttpContext.Current.Response.Redirect(DefaultPage.GetPageUrl(PortalConfiguration.SiteSettings["DefaultPage"]));
- cookie.Value = GetSessionIDMac(cookie.Value, request.UserHostAddress, request.UserAgent, _ValidationKey);
+ if ((authCookie != null))
+ {
+ WebsitePanel.Portal.PortalUtils.UserSignOut();
+ }
 return;
 }
@@ -87,10 +89,7 @@ namespace WebsitePanel.WebPortal
 // Throw an exception if the MACs don't match
 if (String.CompareOrdinal(mac1, mac2) != 0)
 {
- FormsAuthentication.SignOut();
- HttpContext.Current.Response.Redirect(DefaultPage.GetPageUrl(PortalConfiguration.SiteSettings["DefaultPage"]));
- cookie.Value = GetSessionIDMac(cookie.Value, request.UserHostAddress, request.UserAgent, _ValidationKey);
-
+ WebsitePanel.Portal.PortalUtils.UserSignOut();
 }
 // Strip the MAC from the cookie before ASP.NET sees it
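Review bot: A session cookie without a MAC is now passed through untouched when no forms cookie accompanies it (the `return;` after the `authCookie != null` test), so a client-chosen session id is accepted for anonymous requests. If that is intended, say so in place of the stale comment, e.g. `// No MAC: sign out if a forms ticket is present; anonymous requests keep the bare id`; otherwise expire the session cookie on this path as well so the server issues a fresh id. Whether the id is regenerated at login is not visible here. The doubled parentheses in `if ((authCookie != null))` can be dropped, and the handler's start and end lie outside the hunk.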
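Review bot: After `WebsitePanel.Portal.PortalUtils.UserSignOut();` in the MAC-mismatch branch there is no `return;`, so the MAC-stripping code below is skipped only because `Response.Redirect` ends the request; add `return;` after the call, as the length-check branch does. This branch signs out unconditionally while the missing-MAC branch does so only when a forms cookie is present, and a one-line comment explaining the difference would stop someone aligning them by mistake later. The comment `// Throw an exception if the MACs don't match` no longer describes the behaviour and should read something like `// Sign the user out if the MACs don't match`. The enclosing handler continues outside the hunk.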