Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224
  • Last Modified:

kill/distroy a session


I currently set my sessions to nothing when the user clicks on logout in a webform.  does this completely remove it from the servers memory, or do i have to use another method to completely get rid of the session from the server?

4 Solutions
i think it just marks it for deleting but the Garbage Collector comes around when it does and then removes it from memory.

You might wanna try, after setting your session to null, something like the following:


to tell the Garbage disposal to remove stuff from memory.


You can use Session.Remove("Name") or Session.RemoveAll to remove your session values.

Garbage Collection is non-deterministic. This means that even by calling the GC.Collect() there is no guarantee that the objects would be removed immediately
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Fred GoodwinVP of Software DevelopmentCommented:
narmi2Author Commented:
Can you please tell me the difference between:


Also if I have 10 webforms, and in form1 I set the Session.TimeOut to 60, does this means that all other Sessions created in any of the other forms will also have a TimeOut value of 60, or will only the sessions in form1 have a timeout value of 60?

And finally how does it know when a session is expired?  Is it possible to display the remaining session time in a textbox which updates to a lower value when the screen is refreshed?

Session.Remove("name") removes the specific item from the Session Collection.

Session.Abandon() destroys the current session and a new one is created. When a session expires and the client makes a HTTP Get or HTTP Post request to the web server, a new session will be created.

Typically, sites that have user credentials used, check for say the Item "UserId" in the Session and if it is not found, we know that the user needs to be authenticated.

The session has what you call a sliding expiry value (something that is also possible in the Cache object). Whenever the server is contacted, if the session has not expired, its timer will be reset to zero (so to speak). So when we say the session is by default 20 minutes. It means that the session will be released/cleared if the user has not contacted the server for more than 20 minutes. This effectively means trying to monitor Session times is difficult, because even though the user may be busy doing stuff on his browser, if that is all client-side, the session is ironically still aging on the server.

So lets say a user receives a big page. Then he starts to interact with the page but this interactionm involves only client-side script. If on the 21st minute, he decides to click on the save button which does a postback, the session would have already expired on the server. But to the user, he has not been idle. To the server, that session however had aged beyond its allotted time period.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now