Deactivate Current Session

poojasureshkumar
poojasureshkumar used Ask the Experts™
on
Hi,
how to deactivate session using C#. I don't want any web.configuration settings . I like to deactivate the session from C# code.

var sessionID = HttpContext.Current.Session.SessionID;
if (HttpContext.Current.Session["UserID"] == null) // for example....
              {
                  <<<NEED TO DEACTIVATE SESSION HERE>>>
              }

i tried Session.Abandon(), it is not working.

Kind regards,
Pooja
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Chinmay PatelChief Technology Ninja
Distinguished Expert 2018

Commented:
Hi Pooja,

Session.Abandon should do the trick. What exactly you are trying to handle here?

Regards,
Chinmay.

Author

Commented:
Hi Chinmay,
When i do this
 HttpContext.Current.Session.Abandon();
 string  sess = HttpContext.Current.Session.SessionID;
                      if(!string.IsNullOrEmpty(sess))
                          log("\r\n Abondon " + sess); <<<Am seeing session>>>
                   
                      HttpContext.Current.Session.Clear();
                     
                      sess = HttpContext.Current.Session.SessionID;
                      if (!string.IsNullOrEmpty(sess))
                          log("\r\n clear " + sess);<<<Am still seeing session>>>
 
Kind regards,
Pooja
by default the session id is saved on the client. Therefore, as long as the session does not expire, it will use the same ID so execute Session.Abandon (). Therefore, to force the closing of the session in the client, you must do something similar to the following:

Session.Abandon (); 
Response.Cookies.Add (new HttpCookie ("ASP.NET_SessionId", ""));

Open in new window

Alternatively, you can use the configuration without cokies:
<system.web> 
       <sessionState cookieless = "true"  regenerateExpiredSessionId = "true" /> 
</system.web>

Open in new window

In this case you only need to make Session.Abandon ()
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

ǩa̹̼͍̓̂ͪͤͭ̓u͈̳̟͕̬ͩ͂̌͌̾̀ͪf̭̤͉̅̋͛͂̓͛̈m̩̘̱̃e͙̳͊̑̂ͦ̌ͯ̚d͋̋ͧ̑ͯ͛̉Glanced up at my screen and thought I had coded the Matrix...  Turns out, I just fell asleep on the keyboard.
Most Valuable Expert 2011
Top Expert 2015

Commented:
Session.Clear doesn't terminate the session; it just removes all the values that are currently stored in it. Session.Abandon terminates the session (and also clears all the values).

Author

Commented:
hi jcgd,
This is what am looking for..
after making these changes, am still seeing same sessionid...

Session.Abandon ();
 Console.WriteLine( HttpContext.Current.Session.SessionID);
Response.Cookies.Add (new HttpCookie ("ASP.NET_SessionId", ""));
 Console.WriteLine( HttpContext.Current.Session.SessionID);

Kind regards,
Pooja
The new session will be created at the client's next request. therefore, the verification should not be done immediately but in the next request because it is there where the new session will be generated.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial