How to end a session

Steffen Loringer · Jun 24, 2005

Hi

I'm using Session.Abandon() to end a user session when clicking the
Logout button of the application. But if the user request the page
directly via URL in IE the server starts processing the page again.
The sessionIDs are the same in both cases.

I expected the sessionID not to be valid anymore.Should one end the user
session in another way? If a user is logged out he should be redirected
to the login page if he requests pages directly.

Thanks for help
Steffen

John Timney \(ASP.NET MVP\) · Jun 24, 2005

if the session has actually ended there is anothing to stop them being given
the same session ID as the session ID's are recycled. Check your session is
ending correctly by loading a session value in one session and checking it
in another via a different page request.

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director

Juan T. Llibre · Jun 24, 2005

In ASP.NET 2.0, this is programmable via the sessionState setting:
regenerateExpiredSessionId, settable to "true" or "false"

<sessionState mode="InProc" cookieless="UseCookies" regenerateExpiredSessionId="false"
timeout="20">

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples.	2	May 5, 2023
proper way to logout and end a session	1	Feb 19, 2009
how to check end of session with clientcallback page?	4	Dec 5, 2007
How can I upload a tar.bz2 file to OpenStack swift object storage container using the Python swift client?	1	Mar 22, 2024
A way to get back lost session values	3	Oct 12, 2012
Session Problems	2	Sep 3, 2009
I have to finish this code for my assignment but I cant figure out how to solve it	1	Jun 27, 2023
Abandon Session	2	Jan 25, 2006

How to end a session

Steffen Loringer

John Timney \(ASP.NET MVP\)

Juan T. Llibre

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads