abandon session in asp.net on browser close..kill session cookie

Question

So I have a website where I use session start and end events to track and limit open instances of our web application, even on the same computer. On page unload i call a session enabled page method which then called session.abandon.

This triggers session end event and clears the session variable but unfortunately does not kill the session cookie!! as a result if other browser instances are open there are problems because their session state just disappeared...and much worse than this when I open the site again with the zombie session still not expired, I get multiple session start and session end events on any subsequent postbacks. This happens on all browsers. so how do I truly kill the session (force the cookie to expire)

Answer 1

If you are using FormsAuthentication you can use:

FormsAuthentication.SignOut();

Answer 2

FormsAuthentication.SignOut(); expires the authentication cookie but doesn't remove session cookie until the timeout period specified in web.config for sessionstate. If you want to remove session immediately, manually expire the session cookie as below.

var myCookie = new HttpCookie("ASP.NET_SessionId") { Expires = DateTime.Now.AddDays(-1D) }; Response.Cookies.Add(myCookie);