This is the background of my app:
I have built an ASP.NET-C# application. I have enabled Forms Authentication by authenticating user id and password stored in my SQL Server database.
The Session is configured as InProc in the webconfig file.
The are unsecure and secure pages in the website. Unsecure pages can be accessed by anyone browsing the site and Secured pages can be accessed only by a registered user after login.
I have used objects stored in Session that are used for parameter sharing between different web pages(For both Secure and Unsecure pages).
When the user is logged in, the Session variable retain values . The session parameters are passed correctly to different pages and everything works fine.
But when the user logs out, the app does retain the values of the Session. I tried to debug the code and noticed that for each page, the Session_OnStart is fired.
Is this how this is supposed to work. Or let me know what I am missing?