session.abandon doesn't!

P

Paul W

Using default session handling (ie. inproc and with cookies). I have a
'logout' button that returns the user to the login screen and does a
session.abandon.

HOWEVER, if they then log back in (even with a different username) they will
have the same sessionid as before! This is not what I expected. Can someone
shed light on this, or how I can investigate further? Thanks,

Paul.

(Note - if the user closes their browser, and starts another browser session
then they get a NEW sessionid)
 
J

Joel Leong

The SessionID lasts as long as the browser session lasts even though the
session state expires after the indicated timeout period i.e the same
session ID can represent multiple sessions over time where the instance of
the browser remain the same. This is the normal behavior. Not sure why you
want a new session id?
 
P

Paul W

You are right in that I don't really care about the session ID - just the
session. However, I find that even after doing session.abandon there are
still items in the Session collection (ie. session.count>0). This worries me
that information may copy from session to session! Appreciate any further
info you can provide,

Paul.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top