Click here to Skip to main content
11,567,926 members (45,208 online)
Click here to Skip to main content

How to logout in an ASP.NET application with session – abandon, clear or remove

, 11 Oct 2013 CPOL 44.6K 5
Rate this:
Please Sign up or sign in to vote.
this article describes the session handling while performing a logout proces in any asp.net application

Introduction

"What to do with session when we logout in an ASP.NET application?" This is a basic question that should be clear in mind of every ASP.NET developer. Though this thing has been answered in many places, but i didnot found the collective ans that easily. I will try below to make the things simple and clear.

Let's Begin 

Normally when we store the session value for user we do some thing like this

Session.Add("User",Customer); 

User becomes the key for storing session and Customer class object becomes the value. This is just an expample as we all know that you can know you can store any type, content, value with a key in a session(Note that there are certain good practices or key pointers on what kind of data should be stored in session, will cover that in a seperate article later)

What this statement does is, it adds a session variable with key value pair and you depend on it to identify whether the user is logged in or logout.

Now coming back to our topic “How to logout?”. You can do three things here, Session.Remove(), Session.Clear(), or Session.Abandon(). But now we need to understand when to use what. Let me explain it one by one

1. Session.Clear()

It clears a session simple! OK that means it clears all the key value pairs stored in the session state collection but thats it. Nothing more. You will get rid of all key value pairs but the sessionid is still there and you can still identify the session state by comparing sessionid. The Session state collection still exist with the same session id. Use this in situation, say you have a shopping site the the user is still not logged in. Now say you want to clear a shopping cart. That means you will clear all session dependencies for anonymous user.

2. Session.RemoveAll()

This chap just calls the above clear method in its impementation, so for ease you can say there is no difference. See the following code: 

public sealed class HttpSessionState : ICollection, IEnumerable
{
   .....
   public void RemoveAll()
   {
       this.Clear();
   }
   .....
} 

3. Session.Remove(“key”)

It removes the specific session’s specific key value pair. Use this if you do not want to get rid of all key value pairs in session state collection but only a specific one. A typical usage is in scenario where you use a session variable to store state information across a section of a website, say you customer is using a coupon in there shopping cart checkout process. You decide that you want to store this information in session rather in database till the transaction is confirmed. So this session variable makes sense only inside the checkout process and you would wish to remove this variable when the process is complete or terminated.

4. Session.Abandon()

This is the absolute winner if your purpose for reading this article to find the absolute way to destroy everything in terms of session. It even destroys the session state collection and that particular sessionid. Moreover it also raises event Session_End inside global.asax, informing that mission is complete, at allows you to take some action based on the situation, say you want to decrement a counter for active users somewhere.

One thing to note here that Session.Clear remove items immediatly but Session.Abandan marks the session to be abandoned at the end of the current request. That simply means that suppose you tried to access value in code just after the session.abandon command was executed, it will be still there. So do not get confused if your code is just not working even after issueing session.abandon command and immideatly doing some logic with the session.

More Details : Garbage Collection

If you are thinking about resources, memory hence Garbage Collection, read on.

1. Session.Clear : Releases all key value pairs immideatly and make them available for garbage collection. But the Resource used by SessionState Collection are intact and booked as is.

2. Session.Abandon : Releases sessionstate itself to be garbage collected when chance arrives. Only point to note that it happens just before the current request is fulfilled.

Also i have seen many places that they use ultimate combination as following:

Session.Clear();
Session.RemoveAll();
Session.Abandon();
Response.Redirect("somepage.aspx"); 

Dont do that please. Just think about the purpose and use the appropriate command. Dont use it just because it works in all situation but just think unnecessary work that is going on to fullfill these commands all together. Just know what you are doing :) 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Mangesh V. Devikar
Founder Enziq Solutions Pvt. Ltd.
India India
My key portfolios at Enziq Solutions includes Business Development and Strategy and overseeing Technology operations.
Read more about me at: http://enziq.com/site/Company/mangesh.html or http://mangeshdevikar.enziq.com/about-me/

You may also be interested in...

Comments and Discussions

 
GeneralMy vote of 5 Pin
Humayun Kabir Mamun23-Jun-15 0:21
memberHumayun Kabir Mamun23-Jun-15 0:21 
GeneralMy vote of 3 Pin
Akiii_Lethal23-Oct-14 1:09
memberAkiii_Lethal23-Oct-14 1:09 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.150624.2 | Last Updated 11 Oct 2013
Article Copyright 2013 by Mangesh V. Devikar
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid