locked
Session.Abandon causes all sessions on site to abandon instead of isolating request to the user only RRS feed

  • Question

  • User874351127 posted

    Using IIS 7 with classic ASP and when the web app runs a session.abandon it appears that all the sessions on the machine are abandoned and all users get kicked out.

    Any help with this would be appreciated. Thanks.

    Thursday, November 3, 2016 8:29 AM

All replies

  • User1278090636 posted

    Hi Sankaran,

    Using IIS 7 with classic ASP and when the web app runs a session.abandon it appears that all the sessions on the machine are abandoned and all users get kicked out.

    The Abandon method destroys all the objects stored in a Session object and releases their resources.

    So all users get kicked out after you call session.abandon.

    If you do not call the Abandon method explicitly, the server destroys these objects when the session times out.

    You can find more about the session.abandon in the following link.

    https://msdn.microsoft.com/en-us/library/ms524310(v=vs.90).aspx

    Best Regards,

    Jean

    Friday, November 4, 2016 3:01 AM
  • User874351127 posted

    Hi Jean,

    Thanks for your valuable replay. Now i am getting session.abandon clear idea.

    Below is my requirement for my application  to avoid session Hijacking

    1. After successful login regenerate session ID

    2. While logout need to clear the session is and values

     Kindly advice how to handle the above requirement

    Best Regards,

    S.Sankaran

    Friday, November 4, 2016 9:57 AM
  • User-1122936508 posted

    Session.Abandon only destroys the current Session, not all sessions.

    If all sessions are being destroyed, then it's something about your code that's causing the issue - where/how are you calling session.abandon?

    Sunday, November 6, 2016 5:48 AM
  • User-980872515 posted

    use Session.Clear(); instead of session.abandon;
    Session.clear() is only clears current session data.

    Saturday, November 19, 2016 5:15 AM
  • User-1122936508 posted

    use Session.Clear(); instead of session.abandon;
    Session.clear() is only clears current session data

    There is no such method .Clear()

    Here is the ASP Session object reference:

    https://msdn.microsoft.com/en-us/library/ms524319(v=vs.90).aspx

    Monday, November 21, 2016 4:49 AM