Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to Kill A Session or Session ID (ASP.NET/C#)

People also ask

How do you close a session in C#?

There Are 3 ways to Destroy SessionSession. Abandon(); Session. Clear(); Session. RemoveAll();

How do you end a user session in ASP?

Alternatively, to deliberately end a session you can use the Session. Abandon method of the Session object. For example, you can provide a Quit button on a form with the ACTION parameter set to the URL of an .

Which method is used to destroy session in asp net?

The ASP Session. Abandon Method is used to destroy a session of the user. Generally , It destroys the object which are stored in the Session object. If we do not call the Abandon method explicitly, the server destroys these objects when the session times out.

How do you kill a web session?

Session. Clear(); Session. Abandon(); It will kill the user session.


The Abandon method should work (MSDN):

Session.Abandon();

If you want to remove a specific item from the session use (MSDN):

Session.Remove("YourItem");

EDIT: If you just want to clear a value you can do:

Session["YourItem"] = null;

If you want to clear all keys do:

Session.Clear();

If none of these are working for you then something fishy is going on. I would check to see where you are assigning the value and verify that it is not getting reassigned after you clear the value.

Simple check do:

Session["YourKey"] = "Test";  // creates the key
Session.Remove("YourKey");    // removes the key
bool gone = (Session["YourKey"] == null);   // tests that the remove worked

It is also a good idea to instruct the client browser to clear session id cookie value.

Session.Clear();
Session.Abandon();
Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-10);

Session.Abandon()

This marks the session as Abandoned, but the session won't actually be Abandoned at that moment, the request has to complete first.


From what I tested:

Session.Abandon(); // Does nothing
Session.Clear();   // Removes the data contained in the session

Example:
001: Session["test"] = "test";
002: Session.Abandon();
003: Print(Session["test"]); // Outputs: "test"

Session.Abandon does only set a boolean flag in the session-object to true. The calling web-server may react to that or not, but there is NO immediate action caused by ASP. (I checked that myself with the .net-Reflector)

In fact, you can continue working with the old session, by hitting the browser's back button once, and continue browsing across the website normally.

So, to conclude this: Use Session.Clear() and save frustration.

Remark: I've tested this behaviour on the ASP.net development server. The actual IIS may behave differently.


Session.Abandon() this will destroy the data.

Note, this won't necessarily truly remove the session token from a user, and that same session token at a later point might get picked up and created as a new session with the same id because it's deemed to be fair game to be used.