I have a web application which uses ASP.NET Membership for user authentication. As I understand it, when a user logs in, information about that user is stored in Session, but when I restart the server the user is still logged in.
Shouldn't Session be deleted with a server restart? I don't understand how the user is still logged in...
The information of a user being logged in is stored in a cookie and it goes between the user's browser and the server with each request.
Restarting the server has nothing to do with the cookie. Specifically, the cookie is still valid and it decrypts correctly, so the user is considered logged in.
If you really need to terminate all user sessions, one of the ways is changing the application's machine key, the crypto key that is used to encrypt/decrypt auth cookies.
https://msdn.microsoft.com/en-us/library/vstudio/w8h3skw9(v=vs.100).aspx
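
The behaviour described in the answer above, as an added example that is not part of the original answer: a simplified Python model (not ASP.NET's ticket format or API) of a login ticket carried in a cookie and validated with a server-side key. The `Server` class, its `sessions` dict and the HMAC-only ticket are assumptions for illustration; by default, real forms-authentication tickets are encrypted as well as validated with the machine key.

```python
import base64, hashlib, hmac, json, os, time

class Server:
    """One application process. `sessions` models in-memory Session state."""

    def __init__(self, machine_key: bytes):
        self.machine_key = machine_key   # comes from configuration, survives restarts
        self.sessions = {}               # lives in process memory, lost on restart

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self.machine_key, payload, hashlib.sha256).digest()

    def login(self, user: str, ttl: int = 1800, now: float = None) -> str:
        """Create session state and return the cookie value (payload.tag)."""
        now = time.time() if now is None else now
        payload = json.dumps({"user": user, "exp": now + ttl}).encode()
        self.sessions[user] = {"cart": []}
        enc = base64.urlsafe_b64encode
        return enc(payload).decode() + "." + enc(self._tag(payload)).decode()

    def authenticate(self, cookie: str, now: float = None):
        """Return the user name if the cookie verifies under this key, else None."""
        now = time.time() if now is None else now
        try:
            p64, t64 = cookie.split(".")
            payload = base64.urlsafe_b64decode(p64)
            tag = base64.urlsafe_b64decode(t64)
        except ValueError:               # malformed cookie
            return None
        if not hmac.compare_digest(tag, self._tag(payload)):
            return None                  # forged, or issued under another key
        ticket = json.loads(payload)
        return ticket["user"] if ticket["exp"] > now else None

def demo():
    key = os.urandom(32)                         # constructed sample key
    cookie = Server(key).login("alice")          # the browser keeps this cookie
    restarted = Server(key)                      # restart: same key, empty sessions
    rekeyed = Server(os.urandom(32))             # restart after changing the key
    return {
        "session_state_after_restart": "alice" in restarted.sessions,
        "user_after_restart": restarted.authenticate(cookie),
        "user_after_key_change": rekeyed.authenticate(cookie),
    }

if __name__ == "__main__":
    print(demo())
```

The restarted server has lost its session state but still accepts the cookie, because validation depends only on the key and the ticket's expiry; only the re-keyed server rejects it.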