Question
I'm developing a website with asp.net, visual studio 2012, IIS8, .Net Framework 4.
I use SESSIONS to store user information after login.
when user click sign in button, I send information to .ashx file like this:
https://stackoverflow.com/questions/17007060
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian var url = "SignIn.ashx?username=" + UserName.value + "&password=" + PassWord.value;
xmlRequest_SignIn.open("GET", url);
xmlRequest_SignIn.onreadystatechange = function () { ApplyUpdateSignIn() }
xmlRequest_SignIn.send(null);
SignIn.ashx:
... // check login information and then
HttpContext.Current.Session["UserName"] = username.toString();
...
Now in every page of my website, I check this session to authenticate the user in ajax:
var url = "CheckMemberAccount.ashx";
xmlRequest_member.open("GET", url);
xmlRequest_member.onreadystatechange = function () { ApplyUpdateGetMemberAccount() }
xmlRequest_member.send(null);
CheckMemberAccount.ashx:
if (Convert.ToString(HttpContext.Current.Session["UserName"]) == "" || null == HttpContext.Current.Session["UserName"])
{
// user not logged in
}
else
{
// user logged in
}
For log out I use ajax too:
var url = "SignOut.ashx";
xmlRequest_SignOut.open(GET, url);
xmlRequest_SignOut.onreadystatechange = function () { ApplyUpdateSignOut() }
xmlRequest_SignOut.send(null);
SignOut.ashx:
// I try everything to make the session null or invalid!
// BUT it doesn't take effect in Internet Explorer !!
HttpContext.Current.Session["UserName"] = "";
HttpContext.Current.Session["UserName"] = null;
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.RemoveAll();
HttpContext.Current.Session.Abandon();
HttpContext.Current.Request.Cookies["ASP.NET_SessionId"].Value = "";
As you can see I've tried everything to make session null or invalid. This code works well in all browsers(Chrome, FireFox, Safari, Opera, Netscape, ...) EXCEPT in Internet Explorer !
In IE after Signing out, when I check the member acount with CheckMemberAccount.ashx file, the session still remain valid with valid value as if no sign out happened !
This problem is only in IE !!
note that IE settings are all in their defaults.
I have tried Global.asax:
After adding the class, and without adding any code to it ( just keep it unchanged with it's default functions such as Session_Start() ), My problem changed and now I always get null for the session in CheckMemberAccount.ashx ! and again the problem is just in IE !
I didn't find any solution after 3 days.
I'll appreciate any help :)
Solution
I believe the checkmemberaccount call is being cached in the browser by iE. this has gotten me in trouble many times before. Add a random variable to your Ajax call and I believe your problem will be solved.
You can verify this by using a tool like fiddler. You should see that the browser is caching the GET request. You could also switch from a GET to a POST. POSTS are not cached by IE.
By the way... You should fix this for any get requests that you don't want to cache.
