session Handling in asp.net

Question

I am trying to find out how to destroy a ASP.NET session when the user navigates away from my site.I am using Global.ascx application file and use session_end event .Its working fine when i click logout button. But when i close browser directly its not using Global file after 20 minitues. i used in web.conig file as <sessionState mode="InProc" timeout="20"></sessionState>
Please help me
Augustine

Answer 1

Session timeout defines when some session would be destroyed after some idle time.

If you want more control over sessions, you would need to use SQLServer mode, State Server mode, or a custom one taylored yourself.

I mean that, because, for example, SQLServer mode stores sessions in a standard SQL Server table, so, you can implement some SQL Server job, or schedule some task in Windows or in some Windows Service, so you can clean up sessions depending on your needs.

By the way, maybe you need to know that if you're using InProc, your sessions can be destroyed because IIS recycled application pool, or server got entirely restarted. And this isn't ending sessions, so the appropiate event and handler won't work in this scenario.

I repeat, if you need a better session management mode like ones I suggested you.

---

EDIT:

Check this page: http://aspalliance.com/520_Detecting_ASPNET_Session_Timeouts.2

You'll learn how to handle session timeouts better, since Session_End isn't called when a session expires, but when you call "Session.Abandon".

Answer 2

The browser doesn't send a signal to the website when the visitor "navigates away" or "closes his browser". So asp.net (or any other server side technology) can't react to that to destroy a session.

That's why a session works with a timeout: if the user doesn't perform a request within the timeout period, then he is supposed to have abandoned the session, even when he was just reading that page for 20+ minutes.