How to clear out session on log out
asp.net.Netasp.net Sessionasp.net Problem Overview
I redirect the user to the login page when user click log out however I don't think it clears any application or session because all the data persisted when the user logs back in.
Currently the login page has a login control and the code behind on the page is only wired up the login Authenticate.
Can someone direct me to a good tutorial or article about handling log in and out of ASP.NET web sites?
asp.net Solutions
Solution 1 - asp.net
Session.Abandon()
http://msdn.microsoft.com/en-us/library/ms524310.aspx
Here is a little more detail on the HttpSessionState
object:
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate_members.aspx
Solution 2 - asp.net
I use following to clear session and clear aspnet_sessionID
:
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
HttpContext.Current.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
Solution 3 - asp.net
I would prefer Session.Abandon()
Session.Clear()
will not cause End to fire and further requests from the client will not raise the Session Start event.
Solution 4 - asp.net
Session.Abandon()
destroys the session and the Session_OnEnd
event is triggered.
Session.Clear()
just removes all values (content) from the Object. The session with the same key
is still alive
.
So, if you use Session.Abandon()
, you lose that specific session and the user will get a new session key
. You could use it for example when the user logs out
.
Use Session.Clear()
, if you want that the user remaining in the same session (if you don't want him to relogin for example) and reset all his session specific data.
Solution 5 - asp.net
The way of clearing the session is a little different for .NET core. There is no Abandon()
function.
ASP.NET Core 1.0 or later
//Removes all entries from the current session, if any. The session cookie is not removed.
HttpContext.Session.Clear()
.NET Framework 4.5 or later
//Removes all keys and values from the session-state collection.
HttpContext.Current.Session.Clear();
//Cancels the current session.
HttpContext.Current.Session.Abandon();
Solution 6 - asp.net
<script runat="server">
protected void Page_Load(object sender, System.EventArgs e) {
Session["FavoriteSoftware"] = "Adobe ColdFusion";
Label1.Text = "Session read...<br />";
Label1.Text += "Favorite Software : " + Session["FavoriteSoftware"];
Label1.Text += "<br />SessionID : " + Session.SessionID;
Label1.Text += "<br> Now clear the current session data.";
Session.Clear();
Label1.Text += "<br /><br />SessionID : " + Session.SessionID;
Label1.Text += "<br />Favorite Software[after clear]: " + Session["FavoriteSoftware"];
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title>asp.net session Clear example: how to clear the current session data (remove all the session items)</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<h2 style="color:Teal">asp.net session example: Session Clear</h2>
<asp:Label
ID="Label1"
runat="server"
Font-Size="Large"
ForeColor="DarkMagenta"
>
</asp:Label>
</div>
</form>
</body>
</html>
Solution 7 - asp.net
session.abandon() will not remove the sessionID cookie from the browser. Therefore any new requests after this will take the same session ID. Hence, use Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); after session.abandon().
Solution 8 - asp.net
Session.Clear();
Solution 9 - asp.net
Go to file Global.asax.cs in your project and add the following code.
protected void Application_BeginRequest()
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddHours(-1));
Response.Cache.SetNoStore();
}
It worked for me..! Reference link <https://stackoverflow.com/questions/27738174/clear-session-on-logout-mvc-4>