session.abandon doesn't!

P

Paul W

Using default session handling (ie. inproc and with cookies). I have a
'logout' button that returns the user to the login screen and does a
session.abandon.

HOWEVER, if they then log back in (even with a different username) they will
have the same sessionid as before! This is not what I expected. Can someone
shed light on this, or how I can investigate further? Thanks,

Paul.

(Note - if the user closes their browser, and starts another browser session
then they get a NEW sessionid)
 
J

Joel Leong

The SessionID lasts as long as the browser session lasts even though the
session state expires after the indicated timeout period i.e the same
session ID can represent multiple sessions over time where the instance of
the browser remain the same. This is the normal behavior. Not sure why you
want a new session id?
 
P

Paul W

You are right in that I don't really care about the session ID - just the
session. However, I find that even after doing session.abandon there are
still items in the Session collection (ie. session.count>0). This worries me
that information may copy from session to session! Appreciate any further
info you can provide,

Paul.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Session.Abandon() 1
sessionId is reused after calling session.abandon 4
How to end a session 2
Session abandon. New page loaded but not new SessionID 3
browser BACK button doesn't tigger the page_load event of asp.net 1
abandon specific session 2
asp:login control - user prompted to log in twice if session disab 3
Membership - Log Out Programatically 4

Members online

No members online now.
Total: 56 (members: 0, guests: 56)
Robots: 398

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,810
Latest member
Kassie0918

Latest Threads

Top