This forum is closed. Thank you for your contributions.

Sign in

Microsoft.com

Microsoft

Remove From My Forums

Session Fixation Issue in aps.net mvc 3 application

Question
0

Sign in to vote
I have developed a ASP.NET MVC 3 (with Visual C#) application. In this, i used forms authentication for user login. When the user logs off, i use the following code to clear the session.

FormsAuthentication.SignOut();

Response.Cookies[

FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddDays(-1);

Response.Cookies.Add(

newHttpCookie("ASP.NET_SessionId", ""));



this.Session.Abandon();



this.Session.Clear();

But the session remains invalidated in the server. Why the session remains valid even after its cleared?
- Moved by Bob Shen Friday, May 3, 2013 5:42 AM
Tuesday, April 16, 2013 10:09 AM

Answers

1

Sign in to vote
Try posting in http://forums.asp.net/
Mark Answered, if it solves your question and Vote if you found it helpful.
Rohit Arora
- Proposed as answer by Just Karl Wednesday, January 15, 2014 11:19 PM
- Marked as answer by Just Karl Thursday, January 23, 2014 10:56 PM
Tuesday, April 16, 2013 10:35 AM

All replies

1

Sign in to vote
Try posting in http://forums.asp.net/
Mark Answered, if it solves your question and Vote if you found it helpful.
Rohit Arora
- Proposed as answer by Just Karl Wednesday, January 15, 2014 11:19 PM
- Marked as answer by Just Karl Thursday, January 23, 2014 10:56 PM
Tuesday, April 16, 2013 10:35 AM
0

Sign in to vote

Hello,

Specifically, this should be asked in the ASP.Net MVC forum on forums.asp.net.

Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Wednesday, January 15, 2014 11:19 PM