views:

1133

answers:

2

So I have a website where I use session start and end events to track and limit open instances of our web application, even on the same computer. On page unload i call a session enabled page method which then called session.abandon.

This triggers session end event and clears the session variable but unfortunately does not kill the session cookie!! as a result if other browser instances are open there are problems because their session state just disappeared...and much worse than this when I open the site again with the zombie session still not expired, I get multiple session start and session end events on any subsequent postbacks. This happens on all browsers. so how do I truly kill the session (force the cookie to expire)

A: 

If you are using FormsAuthentication you can use:

FormsAuthentication.SignOut();
CSharpAtl
will this also remove the session cookie?
Tuviah
A: 

FormsAuthentication.SignOut(); expires the authentication cookie but doesn't remove session cookie until the timeout period specified in web.config for sessionstate. If you want to remove session immediately, manually expire the session cookie as below.

var myCookie = new HttpCookie("ASP.NET_SessionId") { Expires = DateTime.Now.AddDays(-1D) }; Response.Cookies.Add(myCookie);

Venu Bandi