Asp.net session: two different users are able to access the same session
In my website, I am storing some user specific setting in session. But other users are able to access the same session after the first user logout. Isn't session user specific? If yes how come the second user is able to access the session after the first user l开发者_如何学JAVAogs out? In my understanding the second user should not be able to access the first user session even if I don't call session.abandon().
Thanks, Syd
Session itself and FormsAuthentication are not directly tied together. If you want to make sure your entire session is cleared, you'll need to call Session.Abandon()
or clear out the individual items when they log out.
Make sure that when you logout you are actually logging out and not just closing browser i.e. call:
Session.Abandon();
FormsAuthentication.SignOut();
精彩评论