Can I end some users session in ASP.NET Webform application, if I have user's the SessionId? I would do this as a web service call.
A:
The line:-
HttpContext.Current.Sesssion.Abandon();
will end the users session. You would need to do this by injecting the correct ASP.NET session cookie in the request if you are not calling this from the client that is already using the session.
AnthonyWJones
2009-12-24 12:59:59
Yes I thaught something in this direction, but I don't know how to inject asp.net session cookie. How do I retrieve a cookie if I have SessionId? Can you perhaps help me with some additional info or maybe helpful link? Thanx
the berserker
2009-12-24 13:23:30
A:
If you wish to terminate a user's session then you can call a page-method via ajax that calls Session.abandon() and upon completion of the call redirect the user to login page.
this. __curious_geek
2009-12-24 13:00:59
A:
You have potentially three options.
- If you are using a SQL Server database to house your session state, you can easily navigate through that and delete the row specific tot hat user. Thus clearing their session.
- Add code to your base page to check a file or database to see if that users session should be cleared.
- Since you know the users session id, you may be able to visit the site yourself and then hack your ASP.Net Session cookie to have your session id be the same. Then you'd have to visit a page that calls the Sesssion.Abandon(); call. Though I am not sure if security limitations on the .NET side would allow this.
Clarence Klopfstein
2009-12-24 15:51:28
yes 3 is the scenario for me. I have figured out that already. After 3rd party will notify me via WS method call to end users session, I would need to put up a request for that session user and go to some page that would call Session.Abandon() for the user. But I can't google out anything helpful on the net how to do it.
the berserker
2009-12-24 21:41:43