ASP.NEt Session life cycle

Hi all,
We used the session to transfer data between .NEt pages.
I  found the values in the session variables will be shared between tabs and even two IE browser windows.

I wonder if all sessions can be cleaned when the user opens a new IE browser window.

Many Thanks,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

F IgorDeveloperCommented:
A "session" is shared among all windows pointing to the same base URL, including new "tabs".
Opening new tabs or windows is an external event,  and all requests
uses the same session variables. So, if you clear the session variables it applies to all opened windows: all windows will lost their session variables.
Member_2_1316035Author Commented:
So to be safe, the user should not open more than one IE window for the same URL.

Shaun KlineLead Software EngineerCommented:
Sessions are not tied directly to Internet Explorer. The Session object is created by IIS specifically for the browser that accessed the website. (I.E. a session would not be shared between IE and FireFox.) When you first access a website and a session is created, a unique number is assigned that session and IE uses that number when it accesses the website on each subsequent attempt (or at least until the session times out). Hence, when you open an new tab or a new browser window in IE, it will use the same session number.

However, if you open a new browser window using the IE shortcut on your desktop, a new unique session is created.

If you wanted to clean up the session, you can either close all of your browser windows, or your .Net pages could implement a Session.Abandon option.
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

If you want to that user should be able to start different sessions in different tabs (like user should be able to log into your website with two different user accounts using tabs or different windows) then user the cookie-less sessions. You can set this option in web.config file.

   ..... other sessionstate attributes

In this case, the session ID will be appended in the URL and hence the request from new tab or new window will start a new session.  
Member_2_1316035Author Commented:
I like this idea. and I have tried it.
But it seems the system put the token on the URL:
Any idea?

thank you very much,
I mentioned in the above comment that cookieless session will apeend the session id (token) in the URL. There is nothing to worry in it.
In your case, when a user tries to open "https://XXX/web/login.aspx" from two different tabs, she will see two different session ids. But when user clicks on buttons, links etc on the same tab, she will get the same session id.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Member_2_1316035Author Commented:
As long as there is no security concern, I will use it on our site.
Thank you again.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.