Tuesday, April 23, 2019

ASP.NET: logout user and invalidate the session


When logging out the user, we need to abandon the session on the server side and remove the session id from the client side. For example, in the Page_Load() method:

if (!IsPostBack) {
  // Invalidate the old session. A new session will be started.
  Session.Abandon();

  // Clear the session ID from the client side. 
  // Otherwise, the old session ID will be recycled by default.
  Response.Cookies["ASP.NET_SessionId"].Value = "";
}

No comments:

 
Get This <