This post illustrates the 3 main steps to manage sessions in a Web Forms application. This is not the only way to do it, but it's easy and leads to a better user experience.
Step 1
In the Global.asax.cs in the Session_Start event add this code:
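    // Code that runs when a new session is started.
    // FormsAuthentication needs "using System.Web.Security;" at the top of Global.asax.cs.
    if (Context.Session != null)
    {
        if (Context.Session.IsNewSession) //|| Context.Session.Count==0)
        {
            // A new session was created even though the browser sent a session
            // cookie, so the session that cookie referred to no longer exists.
            string sCookieHeader = Request.Headers["Cookie"];
            if ((null != sCookieHeader) && (sCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
            {
                //if (Request.IsAuthenticated)
                FormsAuthentication.SignOut();
                Response.Redirect(Utility.Costants.PAGES_SESSIONEXPIRED);
            }
        }
    }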
and also in the Session_End event
Session.Clear();
Step 2
Add this in the web.config
    <sessionState mode="InProc" timeout="30">
      <providers>
        <clear/>
      </providers>
    </sessionState>
Step 3
Create a custom Logout page and add this snippet on the Page_Load
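    if (User.Identity.IsAuthenticated)
    {
        // Remove all values from the session, then end the session itself.
        Session.Clear();
        Session.Abandon();
        // Clears the cookie collection of the current request on the server.
        Request.Cookies.Clear();
        // Removes the forms-authentication ticket from the browser.
        FormsAuthentication.SignOut();
    }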
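Request.Cookies only holds what the browser sent, and Session.Abandon() does not delete the ASP.NET_SessionId cookie, so a request after logout that still carries the old cookie is handled as an expired session by the Step 1 check. The following is an added example, not code from the original post, of a logout Page_Load that also expires the session cookie in the response; the class name Logout, the helper ExpireCookie and the redirect to the configured login page are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind class for the custom logout page.
public partial class Logout : Page
{
    // Default session cookie name, the same one the Step 1 check looks for.
    private const string SessionCookieName = "ASP.NET_SessionId";

    protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {
            // Drop server-side state and mark the session for destruction.
            Session.Clear();
            Session.Abandon();

            // Expires the forms-authentication ticket cookie in the response.
            FormsAuthentication.SignOut();

            // To delete a cookie in the browser, the response must overwrite
            // it with an empty cookie whose expiry date is in the past.
            ExpireCookie(SessionCookieName);
        }

        // Assumption: return the user to the configured login page.
        Response.Redirect(FormsAuthentication.LoginUrl, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Hypothetical helper: sends an already-expired replacement cookie.
    private void ExpireCookie(string name)
    {
        var cookie = new HttpCookie(name, string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true,
            Secure = Request.IsSecureConnection,
            Path = "/"
        };
        Response.Cookies.Add(cookie);
    }
}
```

With the cookie expired, the browser obtains a fresh session ID on its next visit instead of reusing the one that was active before logout.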
Enjoy!