How to clear out session on log out
T

10

65

I redirect the user to the login page when the user clicks log out; however, I don't think it clears any application or session because all the data persisted when the user logs back in.

Currently the login page has a login control, and the code-behind on the page is only wired up to the login Authenticate.

Can someone direct me to a good tutorial or article about handling log in and out of ASP.NET web sites?

Thibaud answered 5/12, 2008 at 21:12 Comment(0)
S
71
Session.Abandon()

http://msdn.microsoft.com/en-us/library/ms524310.aspx

Here is a little more detail on the HttpSessionState object:

http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate_members.aspx

Springspringboard answered 5/12, 2008 at 21:15 Comment(2)
I tried Session.Abandon but it is still not clearing out the session. - Thibaud
Something strange is happening, because Session.Abandon() should give the user a new session. Maybe you have a different problem; if you find more/better data, post it and I'm sure the community will try to help out. - Springspringboard
U
36

I use the following to clear the session and clear aspnet_sessionID:

HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
HttpContext.Current.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
Unteach answered 14/11, 2014 at 18:13 Comment(1)
+1 for this: Very good answer, it is the only clean way to do it. Without setting ASP.NET_SessionId to empty string the old session ID would still be used (which can be verified with developer toolbar F12, Network, Details). I've tried it before with only .Clear and .Abandon, but this 3rd step is really needed. - Cyan
C
21

I would prefer Session.Abandon()

Session.Clear() will not cause End to fire and further requests from the client will not raise the Session Start event.

Casaubon answered 5/12, 2008 at 21:18 Comment(0)
R
14

Session.Abandon() destroys the session and the Session_OnEnd event is triggered.

Session.Clear() just removes all values (content) from the Object. The session with the same key is still alive.

So, if you use Session.Abandon(), you lose that specific session and the user will get a new session key. You could use it for example when the user logs out.

Use Session.Clear() if you want the user to remain in the same session (if you don't want him to log in again, for example) and reset all his session-specific data.

Rustcolored answered 18/8, 2012 at 9:36 Comment(1)
I think this is the best answer so far. - Kishke
H
3

The way of clearing the session is a little different for .NET Core. There is no Abandon() function.

ASP.NET Core 1.0 or later

//Removes all entries from the current session, if any. The session cookie is not removed.
HttpContext.Session.Clear();

See api Reference here

.NET Framework 4.5 or later

//Removes all keys and values from the session-state collection.
HttpContext.Current.Session.Clear(); 

//Cancels the current session.
HttpContext.Current.Session.Abandon();

See api Reference here

Howrah answered 19/1, 2018 at 5:29 Comment(0)
C
1
<%@ Page Language="C#" %>
<script runat="server">
    protected void Page_Load(object sender, System.EventArgs e) {  
        Session["FavoriteSoftware"] = "Adobe ColdFusion";  
        Label1.Text = "Session read...<br />";  
        Label1.Text += "Favorite Software : " + Session["FavoriteSoftware"];  
        Label1.Text += "<br />SessionID : " + Session.SessionID;  
        Label1.Text += "<br> Now clear the current session data.";  
        Session.Clear();  
        Label1.Text += "<br /><br />SessionID : " + Session.SessionID;  
        Label1.Text += "<br />Favorite Software[after clear]: " + Session["FavoriteSoftware"];  
    }  
</script>  



<html xmlns="http://www.w3.org/1999/xhtml">  
<head id="Head1" runat="server">  
    <title>asp.net session Clear example: how to clear the current session data (remove all the session items)</title>  
</head>  
<body>  
    <form id="form1" runat="server">  
    <div>  
        <h2 style="color:Teal">asp.net session example: Session Clear</h2>  
        <asp:Label   
            ID="Label1"   
            runat="server"   
            Font-Size="Large"  
            ForeColor="DarkMagenta"  
            >  
        </asp:Label>  
    </div>  
    </form>  
</body>  
</html>  
Consociate answered 25/5, 2011 at 12:33 Comment(0)
T
1

Session.Abandon() will not remove the session ID cookie from the browser. Therefore any new requests after this will use the same session ID. Hence, use Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); after Session.Abandon().

Trisa answered 13/4, 2018 at 7:8 Comment(0)
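
The three steps from the answers above (Clear, Abandon, overwrite the session ID cookie) combined into one logout helper for ASP.NET on .NET Framework. This is an added example, not code from any answer on this page; `LogoutHelper` and `SignOut` are hypothetical names, and the call to `FormsAuthentication.SignOut()` assumes the site uses Forms authentication.

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.Security;

// Added example: hypothetical helper, not part of the original answers.
public static class LogoutHelper
{
    public static void SignOut(HttpContext context)
    {
        if (context == null) throw new ArgumentNullException(nameof(context));

        // Session is null when the current handler does not load session state.
        if (context.Session != null)
        {
            context.Session.Clear();    // remove all stored keys and values
            context.Session.Abandon();  // cancel the session itself
        }

        // Use the cookie name configured in <sessionState cookieName="...">;
        // "ASP.NET_SessionId" is the default when nothing is configured.
        var section = WebConfigurationManager.GetSection("system.web/sessionState")
                      as SessionStateSection;
        string cookieName = section != null ? section.CookieName : "ASP.NET_SessionId";

        // Overwrite the browser's session ID cookie with an empty, already
        // expired one so the old ID is not sent again on the next request.
        var expired = new HttpCookie(cookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true,
            Secure = context.Request.IsSecureConnection,
            Path = "/"
        };
        context.Response.Cookies.Add(expired);

        // Assumption: Forms authentication is in use. This expires the
        // authentication ticket cookie so the browser is no longer signed in.
        FormsAuthentication.SignOut();
    }
}
```

Call `LogoutHelper.SignOut(HttpContext.Current)` from the logout handler and redirect to the login page afterwards; the next request then arrives without the old session ID and receives a new one.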
B
1

For .NET Core:

    [HttpPost]
    public IActionResult Logout()
    {
        try
        {
            CookieOptions option = new CookieOptions();
            if (Request.Cookies[AllSessionKeys.AuthenticationToken] != null)
            {
                option.Expires = DateTime.Now.AddDays(-1);
                Response.Cookies.Append(AllSessionKeys.AuthenticationToken, "", option);
            }

            HttpContext.Session.Clear();
            return RedirectToAction("Login", "Portal");
        }
        catch (Exception)
        {
            throw;
        }
    }
Body answered 7/7, 2022 at 13:17 Comment(0)
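
As noted in an earlier answer, `Session.Clear()` in ASP.NET Core leaves the session cookie in place. The following added example (not code from any answer on this page) also deletes that cookie and signs out of cookie authentication. It assumes the default session cookie name `.AspNetCore.Session` and the default cookie authentication scheme; `AccountController` is a hypothetical name, and the redirect target is the one used in the answer above.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

// Added example: hypothetical controller, not part of the original answers.
public class AccountController : Controller
{
    // Assumption: the default session cookie name. Use your own value here
    // if options.Cookie.Name is set in the AddSession(...) configuration.
    private const string SessionCookieName = ".AspNetCore.Session";

    [HttpPost]
    [ValidateAntiForgeryToken] // logout changes state, so require the anti-forgery token
    public async Task<IActionResult> Logout()
    {
        // Remove every entry stored in the current session.
        HttpContext.Session.Clear();

        // Clear() keeps the session cookie; tell the browser to drop it so
        // the next request starts a session under a new ID.
        Response.Cookies.Delete(SessionCookieName);

        // Assumption: cookie authentication with the default scheme name.
        // This removes the authentication cookie as well.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

        return RedirectToAction("Login", "Portal");
    }
}
```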
S
0

Session.Clear();

Serle answered 5/12, 2008 at 21:14 Comment(1)
Session.Abandon() removes session and events. .Clear doesn't get everything. - Condemn
M
-1

Go to file Global.asax.cs in your project and add the following code.

    protected void Application_BeginRequest()
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddHours(-1));
        Response.Cache.SetNoStore();
    }

It worked for me! Reference link: Clear session on Logout MVC 4

Mosira answered 6/1, 2016 at 6:0 Comment(2)
Just to clarify, note that this code DOES NOT clear any session data - it only discourages the user's web browser from caching data, and could have implications for performance if applied carelessly. - Cowes
Not for session, just for Cache. - Orit
