What is the difference between destroying a session and removing its values? Can you please provide an example demonstrating this?
I searched for this question, but I don't grasp the total answer. Some answers are:
Session.Abandon() destroys the session
Session.Clear() just removes all values
A friend told me this:
Clearing the session will not unset the session, it still exists with the same ID for the user but with the values simply cleared.
Abandon will destroy the session completely, meaning that you need to begin a new session before you can store any more values in the session for that user.
The below code works and doesn't throw any exceptions.
Session.Abandon();
Session["tempKey1"] = "tempValue1";
When you Abandon() a Session, you (or rather the user) will get a new SessionId
When I test Session, it doesn't make any change when I Abandon the session.
I just found one difference: session.Abandon() raises the Session_End event.
Clear: it removes keys or values from the session-state collection.
Abandon: it removes or deletes session objects from the session.
Session.Abandon() will destroy/kill the entire session.
Session.Clear() removes/clears the session data (i.e. the keys and values from the current session) but the session will be alive.
Compared to the Session.Abandon() method, Session.Clear() doesn't create a new session; it just sets all variables in the session to NULL.
The session ID will remain the same in both cases, as long as the browser is not closed.
It removes all keys and values from the session-state collection.
It deletes an item from the session-state collection.
It deletes an item at a specified index from the session-state collection.
This property specifies the time-out period assigned to the Session object for the application. (the time will be specified in minutes).
If the user does not refresh or request a page within the time-out period, then the session ends.
The existence of the session ID can enable a session fixation attack, which is one of the points in PCI compliance. To remove the session ID and overcome the session fixation attack, read this solution: How to avoid the Session fixation vulnerability in ASP.NET?
One thing to note here is that Session.Clear removes items immediately, but Session.Abandon marks the session to be abandoned at the end of the current request. That simply means that if you try to access a value in code just after the Session.Abandon command was executed, it will still be there. So do not get confused if your code is just not working even after issuing the Session.Abandon command and immediately doing some logic with the session.
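The behaviours discussed in the answers above, put together in one logout handler. This is an added example, not code from any of the answers; it assumes ASP.NET Web Forms with cookie-based session state, and the page names `Logout` and `~/Login.aspx` and the `"user"` value are hypothetical.

```csharp
// Logout.aspx.cs (hypothetical code-behind; needs a matching Logout.aspx)
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;

public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string idBefore = Session.SessionID;

        // Clear() acts immediately: the values are gone, the session object lives on.
        Session["user"] = "alice";                        // constructed sample value
        Session.Clear();
        bool clearedNow = Session["user"] == null;        // true

        // Abandon() only marks the session; it is torn down when this request
        // ends, so reads and writes keep working until then.
        Session.Abandon();
        Session["tempKey1"] = "tempValue1";
        bool stillReadable = (string)Session["tempKey1"] == "tempValue1";  // true
        bool sameIdNow = Session.SessionID == idBefore;                    // true

        // Abandon() does not delete the session cookie, so the browser would
        // send the old ID again on its next request. Expiring the cookie makes
        // the server issue a fresh ID, which is the session fixation mitigation.
        var cfg = (SessionStateSection)WebConfigurationManager
            .GetSection("system.web/sessionState");
        var expired = new HttpCookie(cfg.CookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true,
            Secure = Request.IsSecureConnection
        };
        Response.Cookies.Add(expired);

        Trace.Write("logout", string.Format(
            "cleared={0} readableAfterAbandon={1} sameId={2}",
            clearedNow, stillReadable, sameIdNow));

        // Let the request finish normally so the abandon is processed.
        Response.Redirect("~/Login.aspx", false);
    }
}
```

The value written after `Abandon()` is discarded with the rest of the session when the request completes, so anything that must survive logout belongs in the next session.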