Session_end, User Identity and resource cleanup

[Dan Walls]

Hi,

I am looking to clean up some database locks whenever a user session ends. A
user session ends whenever they:

a. shut down the browser and the session times out after 20 mins (20 mins is
the default)
b. they click logout button and I call session.abandon()

However a user session ID can be the same over multiple sessions if it is in
the same browser instance apparently.

How can I get user identity information in the session_end routine - as the
HttpContext object is not available there. Neither is the Response object.

Or alternatively - is there some serverside event that occurs when a user
authentication expires or is logged out by a formsauthentication.signout --
I guess I could free the resources there...

Thanks,
Dan.

 

[Martin Dechev]

Hi, Dan,

In the Session_End event handler you can still read from the Session
collection - just store the ID of the user inside it when the user signs in.

Hope this helps
Martin

 

[Alvin Bruney [MVP]]

b. they click logout button and I call session.abandon()
You need to be extremely careful here. See this article:
http://www.developersdex.com/gurus/articles/746.asp

 

[Alvin Bruney [MVP]]

In the Session_End event handler you can still read from the Session

collection - just store the ID of the user inside it when the user signs
in.

No, this isn't guaranteed to work. Abandon is responsible for tearing down
the session object before the session end event fires. You aren't guaranteed
valid results using this approach.