Session.Abandon () does not leave a session right away

Question

Session.Abandon () does not leave a session right away

In my ASP.NET web application, I call Session.Abandon() in Page_Load() . I expect this to end the session immediately, and the next time I refer to HttpContext.Current.Session , a new session should be created. However, placing control points in the Session_End and Session_Start in Global.asax means that they are not called until the page has finished rendering.

So, two questions:

1) Why?

2) How can I continue to use HttpContext.Current.Session during the page life cycle after calling Session.Abandon ().

Thanks in advance!

+6

c # asp.net session session-state

Mark robinson May 23 '11 at 13:39

source share

3 answers

This was my solution:

 private void PurgeSession() { try { Session.Clear(); } catch (Exception) { } try { Session.Abandon(); } catch (Exception) { } try { Session.RemoveAll(); } catch (Exception) { } try { Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId") {Expires = DateTime.Now.AddYears(-1)}); } catch (Exception) { } }

This is an effective option for orbital bombardment.

Some information is obtained from: http://www.dotnetfunda.com/articles/article1395-how-to-avoid-the-session-fixation-vulnerability-in-aspnet-.aspx

+4

Chris marisic Jun 12 '13 at 17:05

source share

Session.Abandon () actually waits until the page is displayed.

+2

Dennis traub May 23 '11 at 13:42

source share

Elad lachmi · Accepted Answer · 2011-05-23T13:42:01+0000

http://msdn.microsoft.com/en-us/library/ms524310(v=vs.90).aspx

Take a look at the comments section on the linked page. It appears that session objects are queued for deletion only and are not deleted until the code exits.

Session.Abandon () does not leave a session right away

More articles: