Member_2_1316035
asked on
ASP.NEt Session life cycle
Hi all,
We used the session to transfer data between .NEt pages.
I found the values in the session variables will be shared between tabs and even two IE browser windows.
I wonder if all sessions can be cleaned when the user opens a new IE browser window.
Many Thanks,
-Jane
We used the session to transfer data between .NEt pages.
I found the values in the session variables will be shared between tabs and even two IE browser windows.
I wonder if all sessions can be cleaned when the user opens a new IE browser window.
Many Thanks,
-Jane
ASKER
So to be safe, the user should not open more than one IE window for the same URL.
thanks,
thanks,
Sessions are not tied directly to Internet Explorer. The Session object is created by IIS specifically for the browser that accessed the website. (I.E. a session would not be shared between IE and FireFox.) When you first access a website and a session is created, a unique number is assigned that session and IE uses that number when it accesses the website on each subsequent attempt (or at least until the session times out). Hence, when you open an new tab or a new browser window in IE, it will use the same session number.
However, if you open a new browser window using the IE shortcut on your desktop, a new unique session is created.
If you wanted to clean up the session, you can either close all of your browser windows, or your .Net pages could implement a Session.Abandon option.
However, if you open a new browser window using the IE shortcut on your desktop, a new unique session is created.
If you wanted to clean up the session, you can either close all of your browser windows, or your .Net pages could implement a Session.Abandon option.
If you want to that user should be able to start different sessions in different tabs (like user should be able to log into your website with two different user accounts using tabs or different windows) then user the cookie-less sessions. You can set this option in web.config file.
<configuration>
<sessionstate
mode="inproc"
cookieless="true"
timeout="20"
..... other sessionstate attributes
/>
</configuration>
In this case, the session ID will be appended in the URL and hence the request from new tab or new window will start a new session.
<configuration>
<sessionstate
mode="inproc"
cookieless="true"
timeout="20"
..... other sessionstate attributes
/>
</configuration>
In this case, the session ID will be appended in the URL and hence the request from new tab or new window will start a new session.
ASKER
I like this idea. and I have tried it.
But it seems the system put the token on the URL:
https://XXX/web/(S(43dsufsxiq))/login.aspx
Any idea?
thank you very much,
But it seems the system put the token on the URL:
https://XXX/web/(S(43dsufsxiq))/login.aspx
Any idea?
thank you very much,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As long as there is no security concern, I will use it on our site.
Thank you again.
Thank you again.
Opening new tabs or windows is an external event, and all requests
uses the same session variables. So, if you clear the session variables it applies to all opened windows: all windows will lost their session variables.