How do you programmatically end a session in asp.net when Session.Abandon() doesn’t work?

Session.Abandon() doesn’t seem to do anything. You would expect the Session_end event to fire when Session.Abandon() is called.

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

This is most likely because your SessionMode is not InProc (the only one that can detect when a session ends).

Quoted from MSDN:

Session Events

ASP.NET provides two events that help
you manage user sessions. The
Session_OnStart event is raised when a
new session starts, and the
Session_OnEnd event is raised when a
session is abandoned or expires.
Session events are specified in the
Global.asax file for an ASP.NET
application.

The Session_OnEnd event is not
supported if the session Mode property
is set to a value other than InProc,
which is the default mode.

Method 2

Session.Abandon() is the way to end a session. What is the problem you are encountering?

If its Back button related, that is a completely different issue ( page doesn’t postback on Back, instead it runs one from clientside cache so no server side methods will execute).

Additionally, Session_End is problematic. It will only fire on Session.Abandon() when using InProc sessions, so if you are using a different Session mode, it cannot be relied on. Otherwise, Session_End will fire when SessionTimeout is reached ( default is 20 minutes I believe, configured in Web.Config ).

Method 3

Have you tried using the following?

System.Web.Security.FormsAuthentication.SignOut();

This will clear cookies used for form authentication, although may not be what you’re looking for.

You may need to use this in addtion to Session.Abandon()

Method 4

If sessions appear to persist you might try (in web.config):

<sessionState regenerateExpiredSessionId="true">

Method 5

It depends, if you have your application at 2 servers: 1 WebApplication that has its own session, and the second WS or WCF application that also has its own session, how it was in an application on which I was working once. Than if you have this case, the session must be ended at second point, and the first is ended the timeout appears. At least you’ll have to use a token and to keep the list of tokens, of active sessions. May be it is your case. good luck. PS. To kill the session manage it in the second server.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x