What is the difference between Session Abandon and Session Clear

Question

What is the difference between destroying a session and removing its values  Can you please provide an example demonstrating this   I searched for this question  but don t grasp total answer  Some answers are    Session Abandon   destroys the session Session Clear   just removes all values   A friend told me this      Clearing the session will not unset   the session  it still exists with the   same ID for the user but with the   values simply cleared       Abandon will destroy the session   completely  meaning that you need to   begin a new session before you can   store any more values in the session   for that user    The below code works and doesn t throw any exceptions   Session Abandon    Session  tempKey1      tempValue1        When you Abandon   a Session  you  or   rather the user  will get a new   SessionId   When I test Session  it doesn t makes any change when I Abandon the session   I just find one difference  session Abandon   raises Session End event

User · Answer

Existence of sessionid can cause the session fixation attack that is one of the point in PCI compliance  To remove the sessionid and overcome the session fixation attack  read this solution - How to avoid the Session fixation vulnerability in ASP NET

User · Answer

Clearing a session removes the values that were stored there  but you still can add new ones there  After destroying the session you cannot add new values there

User · Answer

This is sort of covered by the various responses above  but the first time I read this article I missed an important fact  which led to a minor bug in my code     Session Clear   will CLEAR the values of all the keys but will NOT cause the session end event to fire   Session Abandon   will NOT clear the values on the current request  IF another page is requested  the values will be gone for that one  However  abandon WILL throw the event   So  in my case  and perhaps in yours    I needed Clear   followed by Abandon

User · Answer

clear-its remove key or values from session state collection    abandon-its remove or deleted session objects from session

User · Answer

this code works and dont throw any exception   Session Abandon      Session  tempKey1      tempValue1      It s because when the Abandon method is called  the current Session object is queued for deletion but is not actually deleted until all of the script commands on the current page have been processed  This means that you can access variables stored in the Session object on the same page as the call to the Abandon method but not in any subsequent Web pages   For example  in the following script  the third line prints the value Mary  This is because the Session object is not destroyed until the server has finished processing the script    lt      Session Abandon     Session  MyName      Mary     Reponse Write Session  MyName       gt    If you access the variable MyName on a subsequent Web page  it is empty  This is because MyName was destroyed with the previous Session object when the page containing the previous example finished processing   from MSDN Session Abandon

User · Answer

Session Abandon      will destroy kill the entire session   Session Clear     removes clears the session data  i e  the keys and values from the current session  but the session will be alive   Compare to Session Abandon   method  Session Clear   doesn t create the new session  it just make all variables in the session to NULL   Session ID will remain same in both the cases  as long as the browser is not closed   Session RemoveAll     It removes all keys and values from the session-state collection   Session Remove     It deletes an item from the session-state collection   Session RemoveAt     It deletes an item at a specified index from the session-state collection   Session TimeOut     This property specifies the time-out period assigned to the Session object for the application   the time will be specified in minutes     If the user does not refresh or request a page within the time-out period  then the session ends

User · Answer

I think it would be handy to use Session Clear   rather than using Session Abandon     Because the values still exist in session after calling later but are removed after calling the former

User · Answer

Clear - Removes all keys and values from the session-state collection   Abandon - removes all the objects stored in a Session  If you do not call the Abandon method explicitly  the server removes these objects and destroys the session when the session times out  It also raises events like Session End     Session Clear can be compared to removing all books from the shelf  while Session Abandon is more like throwing away the whole shelf   You say      When I test Session  it doesn t makes any change when I Abandon the session    This is correct while you are doing it within one request only  On the next request the session will be different  But the session ID  can be reused so that the id will remain the same   If you will use Session Clear you will have the same session in many requests     Generally  in most cases you need to use Session Clear  You can use Session Abandon if you are sure the user is going to leave your site   So back to the differences    Abandon raises Session End request  Clear removes items immidiately  Abandon does not  Abandon releases the SessionState object and its items so it can ba garbage collected to free the resources  Clear keeps SessionState and resources associated with it

User · Answer

this code works and dont throw any exception   Session Abandon      Session  tempKey1      tempValue1     One thing to note here that Session Clear remove items immediately but Session Abandon marks the session to be abandoned at the end of the current request  That simply means that suppose you tried to access value in code just after the session abandon command was executed  it will be still there  So do not get confused if your code is just not working even after issuing session abandon command and immediately doing some logic with the session

User · Answer

When you Abandon   a Session  you  or rather the user  will get a new SessionId  on the next request    When you Clear   a Session  all stored values are removed  but the SessionId stays intact

[asp.net] What is the difference between Session.Abandon() and Session.Clear()

Examples related to asp.net

Examples related to session

Examples related to asp.net-session