With performance counter to observe the "Sessions Total", I found the # of session stays the same after users logout. Is this expected behavior in IIS7?
Her开发者_C百科e is the logout implementation:
Session.Clear();
Session.Abandon();
FormsAuthentication.SignOut();
Thanks.
I think you're looking at the wrong counter:
- Sessions Total is the total number of sessions since the web application was started (this number will never go down, except if you restart the web app)
- Sessions Active is the current number of active sessions (<- this is what you want to look at)
Session is NOT inherently tied to forms authentication, if that's what you're using. Are you calling Session.Abandon()
when a user logs out of your app? Even so, if a user discontinues using the app without signing out, the session will remain open until it expires. The session expiration time can be set in the web.config.
One session might be destroyed but another one is created shorty there after. Just because the user isn't authenticated any longer doesn't mean that he or she doesn't have a session state.
It's very likely that the session is destroyed but upon the next request (which i presume is on the same domain/server causes the session id to be reused and thus creating an empty session state with the same session id)
All this is of course assuming that you redirect to a location within the same web site immediately after logging someone out.
Do you logout your user like this?
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
HttpContext.Current.User = null;
FormsAuthentication.SignOut();
精彩评论