How do you programmatically end a session in asp.net when Session.Abandon() doesn't work?
Asked Answered
C

5

15

Session.Abandon() doesn't seem to do anything. You would expect the Session_end event to fire when Session.Abandon() is called.

Coltish answered 12/5, 2009 at 14:2 Comment(0)
L
34

This is most likely because your SessionMode is not InProc (the only one that can detect when a session ends).

Quoted from MSDN:

Session Events

ASP.NET provides two events that help you manage user sessions. The Session_OnStart event is raised when a new session starts, and the Session_OnEnd event is raised when a session is abandoned or expires. Session events are specified in the Global.asax file for an ASP.NET application.

The Session_OnEnd event is not supported if the session Mode property is set to a value other than InProc, which is the default mode.

Lucaslucca answered 12/5, 2009 at 14:7 Comment(2)
@Syaz: It entirely explains the reason why the Session.OnEnd event is not raised! What is more, the OP has accepted it, so I hardly think you can validly argue that...Lucaslucca
@Lucaslucca I've adjusted the title to match the real question.Phew
M
13

Session.Abandon() is the way to end a session. What is the problem you are encountering?

If its Back button related, that is a completely different issue ( page doesn't postback on Back, instead it runs one from clientside cache so no server side methods will execute).

Additionally, Session_End is problematic. It will only fire on Session.Abandon() when using InProc sessions, so if you are using a different Session mode, it cannot be relied on. Otherwise, Session_End will fire when SessionTimeout is reached ( default is 20 minutes I believe, configured in Web.Config ).

Millisecond answered 12/5, 2009 at 14:5 Comment(0)
A
1

Have you tried using the following?

System.Web.Security.FormsAuthentication.SignOut();

This will clear cookies used for form authentication, although may not be what you're looking for.

You may need to use this in addtion to Session.Abandon()

Ardennes answered 12/5, 2009 at 14:8 Comment(0)
G
1

If sessions appear to persist you might try (in web.config):

<sessionState regenerateExpiredSessionId="true">
Gomer answered 12/5, 2009 at 19:35 Comment(1)
Can anyone explain what that will do? MSDN is not clear msdn.microsoft.com/en-us/library/…Coltish
W
0

It depends, if you have your application at 2 servers: 1 WebApplication that has its own session, and the second WS or WCF application that also has its own session, how it was in an application on which I was working once. Than if you have this case, the session must be ended at second point, and the first is ended the timeout appears. At least you'll have to use a token and to keep the list of tokens, of active sessions. May be it is your case. good luck. PS. To kill the session manage it in the second server.

Wallraff answered 12/5, 2009 at 14:22 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.