guru_sami
asked on
Session_Start firing upon every request
Session_Start is firing upon every request in an asp.net Application after calling Session.Abandon() and FormsAuthentication.SignOu t().
I have attached sample code that shows the behavior I am seeing. Follow the steps below with the sample code.
1: Set breakpoints on Session_Start and Session_End method in global.asax
2: Login into the website
3: Use links provided to navigate between two pages(Home and Page2).
4: Click Logout but don't close the browser
5: Repeat step 2-3
After second login you will see Session_Start and Session_End is called upon every page request i.e. when you navigate between home and page2. The most important thing is Session_End is called immediately after Session_Start before the page is shown.
Points to note:
1: I am doing manual logout in the logout.aspx.cs by calling FormsAuthentication.Signou t() and also calling Session.Abandon.
2: If I comment out the Session.Abandon() in the logout.aspx.cs page, it works fine and Session_Start doesn't fire upon every request.
3: I have tried IE and FF.
There is something really small concept I am missing about Session here. Anyone has any ideas?
PS: I wasn't able to upload .asax file but here is the content of global.asax.
login.zip
I have attached sample code that shows the behavior I am seeing. Follow the steps below with the sample code.
1: Set breakpoints on Session_Start and Session_End method in global.asax
2: Login into the website
3: Use links provided to navigate between two pages(Home and Page2).
4: Click Logout but don't close the browser
5: Repeat step 2-3
After second login you will see Session_Start and Session_End is called upon every page request i.e. when you navigate between home and page2. The most important thing is Session_End is called immediately after Session_Start before the page is shown.
Points to note:
1: I am doing manual logout in the logout.aspx.cs by calling FormsAuthentication.Signou
2: If I comment out the Session.Abandon() in the logout.aspx.cs page, it works fine and Session_Start doesn't fire upon every request.
3: I have tried IE and FF.
There is something really small concept I am missing about Session here. Anyone has any ideas?
PS: I wasn't able to upload .asax file but here is the content of global.asax.
login.zip
<%@ Application Language="C#" %>
<script runat="server">
void Session_Start(object sender, EventArgs e)
{
//set breakpoint
}
void Session_End(object sender, EventArgs e)
{
//set breakpoint
}
</script>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you want the user to keep using the same session ID use Session.Clear() instead of Session.Abandon()
ASKER
@Stephan,
The SessionID is remaining the same and that's because I am not closing the browser. And it remains the same even after setting some dummy session. SessionID changes only with new browser.
@crisco96,
No, it's not I want to reuse the SessionID because it always remains the same with or without Session.Abandon.
In general what I am looking for is what is causing this?
1: Setting a dummy session in Session_Start makes it work so what does it do?
2: It works fine if I change the framework to 4.0. So what change in 4.0 makes it work?
The SessionID is remaining the same and that's because I am not closing the browser. And it remains the same even after setting some dummy session. SessionID changes only with new browser.
@crisco96,
No, it's not I want to reuse the SessionID because it always remains the same with or without Session.Abandon.
In general what I am looking for is what is causing this?
1: Setting a dummy session in Session_Start makes it work so what does it do?
2: It works fine if I change the framework to 4.0. So what change in 4.0 makes it work?
ASKER
"..a new session ID is generated for each page request until the session object is accessed."
Yes, I see that but once you start using the session or even if you just define an empty Session_Start block in your Global.asax, the SessionID becomes constant.
You can try in by simply outputting SessionID in the default.aspx and Page2.aspx in the sample code I provided.
Yes, I see that but once you start using the session or even if you just define an empty Session_Start block in your Global.asax, the SessionID becomes constant.
You can try in by simply outputting SessionID in the default.aspx and Page2.aspx in the sample code I provided.
ASKER
Didn't get accurate answer.