I'm developing a website with asp.net, visual studio 2012, IIS8, .Net Framework 4.
I use SESSIONS to store user information after login.
when user click sign in button, I send information to .ashx file like this:
var url = "SignIn.ashx?username=" + UserName.value + "&password=" + PassWord.value;
xmlRequest_SignIn.open("GET", url);
xmlRequest_SignIn.onreadystatechange = function () { ApplyUpdateSignIn() }
xmlRequest_SignIn.send(null);
SignIn.ashx:
... // check login information and then
HttpContext.Current.Session["UserName"] = username.toString();
...
Now in every page of my website, I check this session to authenticate the user in ajax:
var url = "CheckMemberAccount.ashx";
xmlRequest_member.open("GET", url);
xmlRequest_member.onreadystatechange = function () { ApplyUpdateGetMemberAccount() }
xmlRequest_member.send(null);
CheckMemberAccount.ashx:
if (Convert.ToString(HttpContext.Current.Session["UserName"]) == "" || null == HttpContext.Current.Session["UserName"])
{
// user not logged in
}
else
{
// user logged in
}
For log out I use ajax too:
var url = "SignOut.ashx";
xmlRequest_SignOut.open(GET, url);
xmlRequest_SignOut.onreadystatechange = function () { ApplyUpdateSignOut() }
xmlRequest_SignOut.send(null);
SignOut.ashx:
// I try everything to make the session null or invalid!
// BUT it doesn't take effect in Internet Explorer !!
HttpContext.Current.Session["UserName"] = "";
HttpContext.Current.Session["UserName"] = null;
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.RemoveAll();
HttpContext.Current.Session.Abandon();
HttpContext.Current.Request.Cookies["ASP.NET_SessionId"].Value = "";
As you can see I've tried everything to make session null or invalid.
This code works well in all browsers(Chrome, FireFox, Safari, Opera, Netscape, ...) EXCEPT in Internet Explorer !
In IE after Signing out, when I check the member acount with CheckMemberAccount.ashx file, the session still remain valid with valid value as if no sign out happened !
This problem is only in IE !!
note that IE settings are all in their defaults.
I have tried Global.asax:
After adding the class, and without adding any code to it ( just keep it unchanged with it's default functions such as Session_Start() ), My problem changed and now I always get null for the session in CheckMemberAccount.ashx ! and again the problem is just in IE !
I didn't find any solution after 3 days.
I'll appreciate any help :)