Reputation: 4345
asp.net 4.0 session not terminating on browser close
I have an asp.net 4.0 webpage that uses forms authentication. Everything works fine however I am not sure if asp.net is suppose to automatically doing this but when I close my browser after logging in when I open again it takes me to the authenticated page. Shouldn't it destroy the session when the browser closes? If not what is the best way to provide security against this by killing the session or something similar?
Upvotes: 0
Views: 2018
Answers (1)
Reputation: 8098
An ASP.NET session will not end by simply closing out your browser. ASP.NET maintains your session id by writing a cookie to your browser (assuming you haven't set it to a cookieless session). By default, your session is set with a timeout of 20 minutes. This means that, in general, your session will be available to that browser for the duration of that cookie.
As a security measure, it would be possible to provide some sort of logout functionality on your site. That could then call Session.Abandon that would kill your session.
Upvotes: 3
Related Questions
- ASP.NET session state after closing browser
- Session closing in MVC 4
- ASP.NET MVC Session still active on Browser Close
- session abandon is not working in ASP.NET
- Session becomes null after browser is closed
- ASP.net Session Destroy if he closes the browser
- abandon session in asp.net on browser close..kill session cookie
- Session_End code on browser close
- Session not ending in ASP.NET
- Ending Session on Browser close?