Is my C# Logout() function efficient/normal?

Hi, here is what I came up for my logout function:

protected void Logout() 
{
    Session["id"] = null;
    Session["name"] = null;
    Session.Remove("id");
    Session.Remove("name");
    Session.Abondon(); 
}

Open in new window


Is this efficient/normal for a C# Logout system?
FairyBusinessAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

käµfm³d 👽Commented:
Line 7 will implicitly accomplish what lines 3 - 6 are doing. In other words, I think all you need is line 7.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FairyBusinessAuthor Commented:
Do you know why people use the other two methods then? (I googled and found all three but wasn't sure what was the best so I just did them all)
0
käµfm³d 👽Commented:
This:

Session["id"] = null;

Open in new window


just empties the value that is stored under key "id". The key still exists, but it doesn't have any corresponding value.

This:

Session.Remove("id");

Open in new window


removes the value that is stored under key "id" and it also removes the key "id" from the collection.

This:

Session.Abondon();

Open in new window


kills the entire session, causing all session variables to be removed/destroyed and it causes the Session_End even to fire. If your user goes to a different page (that doesn't have the above code), then they will get an entirely new session and session id.

Here is a small project to demonstrate the differences:

Markup
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="_27524242._Default" %>
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Collections.Generic" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        Key's value is: <%= Session["key"] as string %>
    </div>
    <div>
        Key exists? <%= Session.Keys.OfType<string>().Contains("key") ? "Yes" : "No" %>
    </div>
    <div>
        <asp:Button ID="Button1" runat="server" Text="Give Value" 
            onclick="Button1_Click" />
        <asp:Button ID="Button2" runat="server" Text="Set to Null" 
            onclick="Button2_Click" />
        <asp:Button ID="Button3" runat="server" Text="Call Remove" 
            onclick="Button3_Click" />
    </div>
    </form>
</body>
</html>

Open in new window


Code-Behind
using System;

namespace _27524242
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Button1_Click(object sender, EventArgs e)
        {
            Session["key"] = "hello world!";
        }

        protected void Button2_Click(object sender, EventArgs e)
        {
            Session["key"] = null;
        }

        protected void Button3_Click(object sender, EventArgs e)
        {
            Session.Remove("key");
        }
    }
}

Open in new window

0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

FairyBusinessAuthor Commented:
Thanks again, you're great!
0
mrRanyCommented:
It is not a part of your question. Just wanted to share one trick.
If you wish to re-initiate Session (to change its ID and reset all values) then use:
SessionIDManager Manager = new SessionIDManager();
string SessionID = Manager.CreateSessionID(Context);
string OldID = Context.Session.SessionID;
bool redirected = false;
bool IsAdded = false;
Manager.SaveSessionID(Context, SessionID, out redirected, out IsAdded);

Open in new window

0
FairyBusinessAuthor Commented:
@mrRany thanks, but I got a few questions now! Is the SessionIDManager a class already apart of ASP.NET? What does the Context variable hold/mean?  What kind of function is the SaveSessionID?
0
mrRanyCommented:
You need to add
using System.Web.SessionState;

Open in new window

Each session gets own unique ID via SessionIDManager (yeap, .Net class);
Context
Summary: Gets the System.Web.HttpContext object associated with the page.
Returns: An System.Web.HttpContext object that contains information associated with the current page.
SaveSessionID:
Saves a newly created session identifier to the HTTP response.
0
FairyBusinessAuthor Commented:
For example, is this sql table stuff like a session? the details of the user only exist while they are logged in?

It says if exists. If what exisits? A session variable? This seems like a lot of work for not a lot of return.

if exists (select * from sysobjects where id = 
object_id(N'[dbo].[Users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[Users]
GO
CREATE TABLE [dbo].[Users] (
   [uname] [varchar] (15) NOT NULL ,
   [Pwd] [varchar] (25) NOT NULL ,
   [userRole] [varchar] (25) NOT NULL ,
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Users] WITH NOCHECK ADD 
   CONSTRAINT [PK_Users] PRIMARY KEY  NONCLUSTERED 
   (
      [uname]
   )  ON [PRIMARY] 
GO

INSERT INTO Users values('user1','user1','Manager')
INSERT INTO Users values('user2','user2','Admin')
INSERT INTO Users values('user3','user3','User')
GO

Open in new window

0
mrRanyCommented:
if exists

Open in new window

only means that DB engine should check before if table Users exists in your DataBase. If yes then Drop (delete). Then creating table query.
0
FairyBusinessAuthor Commented:
That comment was for the other question:  How to use ASP.NET's form authentication?
But thanks for answering!
0
mrRanyCommented:
Yeah, because I am following so many your questions.
I will stop making you crazy.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C#

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.