Reputation: 735
Why Doesn't Asp.Net Session.Clear() Work On Close Tab When I See It Run?
I have been attempting to get a clean break from a session when a tab is closed for a workplace system used by supervisors and others. I am successful when the person logs out - all is cleared. However, when a tab is closed, it can be reopened at will as if session.clear() was never called.
I am using this javascript:
$.ajax({
type: "POST",
url: "default.aspx/EndSession",
data: "{}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (msg) { }
});
to call this web method:
[WebMethod]
public static string EndSession()
{
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
HttpContext.Current.User = null;
FormsAuthentication.SignOut();
return "";
}
I set a breakpoint and watch the code execute as I step through it and it returns. The tab closes, and then I right-click and select "reopen closed tab" and the page comes back and the session is still active.
I see here ppl saying this is not possible, but don't understand why, since the code is running on the server - I'm watching it run, and the session is not cleared. I would have thought this was the point of an explicit call to "Session.Clear()" and "Session.Abandon()". The same code in the logout Page_Load works great.
Why? What am I missing? Is the session clear being thrown out after running because the tab is closed?
Thanks!
Upvotes: 1
Views: 1204
Answers (1)
Reputation: 434
Try to add Session.RemoveAll(); and redirect to another page too?
public static string EndSession()
{
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
HttpContext.Current.Session.RemoveAll();
HttpContext.Response.Redirect("~/login.aspx", true);
HttpContext.Current.User = null;
FormsAuthentication.SignOut();
return "";
}
In addition to code above add on Page_Load:
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
HttpContext.Current.Response.Cache.SetNoServerCaching();
HttpContext.Current.Response.Cache.SetNoStore();
I am not 100% sure of it will work, I thought to write it hopefully it can be of some help.
Upvotes: 1
Related Questions
- Why Session.Clear() - doesn't work?
- Close/kill the session when the browser or tab is closed
- Asp.Net Session Variables not being abandoned when browser window is closed?
- Remove session ASP.NET c# when the user close the tab
- C# Clear Session
- Kill Asp.Net session when the browser or tab is closed
- Authentication clear when tab closed in a browser
- MVC : How to clear session and close the current browser tab on click of logout?
- Closing the browser should actually clear the session variables an ASP.net session id
- Clearing a session