ProcessLogon
The first part of this function checks for the login cookie. It does not do any verification of the data in the cookie here, only that it exists, because if the data was not verified, the cookie would be deleted elsewhere.
If the cookie exists, then we set the url that the user will be directed to now that they have logged in. This is where the DEFAULT_USE_SUCCESS_URL information could be used, but I’m not going to go into that.
Then the user is redirected with a 302 response to the successful login page specified with a Location header.
ProcessLogoff
This is what I used to get all of my debugging information while I was learning. By using the built-in logoff page, I could insert information from elsewhere in the filter to the logoff page.
If using the built-in logoff page, then a 200 response is sent while printing out the logoff page to the Response Buffer. During this process, I would print out the content of the g_userName variable, which could have anything from seeing if HTTPS was enabled, to the actual username (which is why the variable is named that, I just never changed it), to seeing if any variables are holding the information you expect.
Otherwise, the user is given a 302 response and redirected to the logoff page defined in the .ini file.
Then, the login cookie is deleted. The cookie is what is used to log the user in or allow them to be logged in automatically the next time they visit the site. Removing the cookie will not log them out of the server, but will prevent them from automatically logging in next time.
