Answer

Deactivate previous session

Anu

Sep 20

341

Hi,

I have set session timout to 10 min. On clicking logout I have used below codes to clear the session

At the time of each login, a new session id is generated. Even after regenerating new session and clear the previous session using the above code, the previously generated session id is active. Is there anything else to do for deactivating or killing previous sessions

Thanks,

Anu

Answers (1)

Hello Anu,

If you are using form-based authentication then you need to do below to make sure your session will kill when you log out from syste,

protected void SignOut_Click(object sender, EventArgs e)
{
    
    Session.Clear();   
    Session.Abandon(); 

    // Sign out the user from Forms Authentication (if applicable)
    FormsAuthentication.SignOut();

    //Clear all cookies including authentication cookies
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "")
    {
        Expires = DateTime.Now.AddDays(-1), 
        HttpOnly = true
    };

    Response.Cookies.Add(authCookie);

    Response.Redirect("~/Login.aspx");
}

Next Recommended Forum

How to host the .net web application on the azure

How relevent is the web forms in todays tech ?