"What to do with session when we logout in an ASP.NET application?" This is a basic question that should be clear in mind of every ASP.NET
developer. Though this thing has been answered in many places, but i
didnot found the collective ans that easily. I will try below to make
the things simple and clear.
Normally when we store the session value for user we do some thing like this
User becomes the key for storing session and Customer class object
becomes the value. This is just an expample as we all know that you can
know you can store any type, content, value with a key in a session(Note
that there are certain good practices or key pointers on what kind of
data should be stored in session, will cover that in a seperate article
What this statement does is, it adds a session variable with key
value pair and you depend on it to identify whether the user is logged
in or logout.
Now coming back to our topic “How to logout?”. You can do three
But now we need to understand when to use what. Let me explain it one by one
It clears a session simple! OK that means it clears all the key value pairs stored in the session state collection but thats it. Nothing more. You will get rid of all key value pairs but the
sessionid is still there and you can still identify the session state by
comparing sessionid. The Session state collection still exist with the
same session id. Use this in situation, say you have a shopping site the the user is still not logged in. Now say you want to clear a shopping cart. That means you will clear all session dependencies for anonymous user.
This chap just calls the above clear method in its impementation, so for
ease you can say there is no difference. See the following code:
public sealed class HttpSessionState : ICollection, IEnumerable
public void RemoveAll()
It removes the specific session’s specific key value pair. Use this if
you do not want to get rid of all key value pairs in session state
collection but only a specific one. A typical usage is in scenario where
you use a session variable to store state information across a section
of a website, say you customer is using a coupon in there shopping cart
checkout process. You decide that you want to store this information in
session rather in database till the transaction is confirmed. So this
session variable makes sense only inside the checkout process and you
would wish to remove this variable when the process is complete or
This is the absolute winner if your purpose for reading this article to
find the absolute way to destroy everything in terms of session. It even
destroys the session state collection and that particular sessionid.
Moreover it also raises event Session_End inside global.asax, informing
that mission is complete, at allows you to take some action based on the
situation, say you want to decrement a counter for active users
One thing to note here that Session.Clear remove items immediatly but
Session.Abandan marks the session to be abandoned at the end of the
current request. That simply means that suppose you tried to access
value in code just after the session.abandon command was executed, it
will be still there. So do not get confused if your code is just not
working even after issueing session.abandon command and immideatly doing
some logic with the session.
More Details : Garbage Collection
If you are thinking about resources, memory hence Garbage Collection, read on.
1. Session.Clear : Releases all key value pairs
immideatly and make them available for garbage collection. But the
Resource used by SessionState Collection are intact and booked as is.
2. Session.Abandon : Releases sessionstate itself to
be garbage collected when chance arrives. Only point to note that it
happens just before the current request is fulfilled.
Also i have seen many places that they use ultimate combination as following:
Dont do that please. Just think about the purpose and use the
appropriate command. Dont use it just because it works in all situation
but just think unnecessary work that is going on to fullfill these
commands all together.
Just know what you are doing