Asp.Net Session Variables not being abandoned when browser window is closed?

This is a strange issue and not sure what is going on. I am using IIS7 and .net 4.0 to being.

It seemed to keep the session cookies from staying on the client after the browser was closed. Another strange this is that I can close the IE and open FireFox and the session is in there too. HOW IS THAT? I am thinking it is how my environment is setup. I have the sessions set for InProc and using cookies in IIS. What is different in IIS7?

Update: I am using integrated mode for my app pool. I looked at an older site I created using .net 3.5 and iis6 running on Sever2003. I can log into the site and it creates the session variable for me. I then go to FireFox and open the same site. It requires me to log in (my application will take you to your prfile if a session exists). If I then close IE and reopen IE, then go back to my site, it requires me to log in again. What is happening with iis7 and my current application, is quite odd. The only difference in how my session is pulled is that I am getting the variable while casting the current handler to the Page object: (Page)HttpContext.Current.Handler

Update: well, I think i found where the issues is and it has to do with casting the HttpContext.Current.Handler to the current page object. I have a configuration file where I wanted to put a property so all other classes could reference a central point to grab the User session object I created. The HttpContext.Current.session was always null and someone had suggested casting the HttpContext.Current.Handler. I created a simple page that checks to see if a session varaible has been created and if not it creates it. T开发者_JS百科hen I print out the value. When I close the browser, the session is GONE. So, that is working. The code I had origianlly in this message was really for the back button, but I am not in need of that thank for Andrew pointing that out. So I guess it is not clear why that session pulled from the Hnadler is always available until I speicifcally clear it.

A session is ended after a specified amount of inactivity (default 20 minutes). Http is stateless, the server can not differ from someone who leaves the browser open but doesn't issue any requests from someone who closes their browser window.

Session_OnEnd is only triggered for InProc session state. Only way for IE and Firefox to share session would be cookieless sessions, where the session id is embedded in the url, and you copy the url between browsers.

Try this to clear your Session:

 HttpContext.Current.Session.Clear();
 HttpContext.Current.Response.Cookies.Clear();

Well, I never got an answer to this and still not sure why the HttpContext.Current.Handler was always holding onto my session. So, I ended up changing how I was setting and getting my Session variable. Thanks to everyone for looking at this.