I have an website. When the user is logged the session details will loaded. When the user logged out the session details will abandoned. (Log out by clicking the logout menu) when the user simply closes the browser then how to destroy the session.
In the next time its get logging with the same session data. I need to avoid this.
As part of your handling of the logout, call Session.Clear() to clear the key/value pairs:
http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.clear.aspx
Here is an interesting post detailing this.
Page.Unload() isn't called when the user leaves the site, it's called when the engine is finished rendering it, right before HTML is sent to the browser. There is no access to the page through once that's happened.
I know in PHP you can use AJAX to call a PHP function with javascript. I don't know if this is possible with ASP.Net, or will work for sessions.
You could configure your sessions to time out quicker.
In web.config:
< sessionState ... timeout="5" />
You have basically two options:
Each solution will work on 99%, if you combine them, you should be pretty much set on 99.99% of cases. Depends how important this behavior is to you.
You can use the Page.OnUnload javascript event to make a request to a page that calls Session.Abandon(). This will cause the users session to be deleted whenever he leaves your site.
It sounds like you are using a persistent cookie to store the authentication ticket. Try setting the second parameter (createPersistentCookie) of the SetAuthCookie method to false, i.e. FormsAuthentication.SetAuthCookie("myusername", false);
try
{
Session["Admin"] = null;
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Session.Abandon();
Session.Clear();
Page.Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Redirect("Dep_NewUserCreate.aspx");
}
catch(Exception ExLink)
{
Response.Redirect("Dep_NewUserCreate.aspx");
}
