none
Session Fixation Issue in aps.net mvc 3 application RRS feed

  • Question

  • I have developed a ASP.NET MVC 3 (with Visual  C#) application. In this, i used forms authentication for user login. When the user logs off, i use the following code to clear the session.

    FormsAuthentication.SignOut();          

    Response.Cookies[

    FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);

    Response.Cookies.Add(

    newHttpCookie("ASP.NET_SessionId", ""));

      

    this.Session.Abandon();

               

    this.Session.Clear();

    But the session remains invalidated in the server. Why the session remains valid even after its cleared?

    • Moved by Bob Shen Friday, May 3, 2013 5:42 AM
    Tuesday, April 16, 2013 10:09 AM

Answers

All replies