How to clear SQL session state for all users in ASP.NET

Question

I use SQLServer SessionState mode to store session in my ASP.NET application. It stores certain objects that are serialized/deserialized every time they are used.

If I make any changes in code of the structure of those objects and I put a new version live, any logged user will get an error, as their session objects (the old version ones) do not match the structure that the new version expects while deserializing.

Is there a way to clear all sessions at once in DB so that all active sessions expire and users are forced to log in again (and therefore all session objects are created from scratch)?

Or... Is there any other way to solve this situation?

Answer 1

You can call Session.Abandon, or Clear for every user when they hit the invalid Session object.

You can also loop through the per-user Session collection, and clear the keys that can contain "old" objects. Maybe you have a login ticket and such that you don't want to clear.

foreach (string key in Session.Keys)
{
  if (!key.Equals("login"))
  {
    Session.Remove(key);
  }
}

Answer 2

You may try using stored procedure in SQL Server to clear all the sessions:

CREATE PROCEDURE [dbo].[DeleteSessions]
AS
DELETE [ASPState].dbo.ASPStateTempSessions

RETURN 0