ADBLOCK비활성화

ADBlock이 사이트의 일부 콘텐츠를 차단하고 있습니다.

ADBlock errore
찾은 결과: 

질문

What is the difference between Session.Abandon() and Session.Clear() in ASP.Net?

솔루션

Session.Abandon() will end the current session. Session_End will be fired and the next request will fire the Session_Start event.

Session.Clear will just clear the session data and the the session will remain alive.

Session ID will remain the same in both cases, as long as the browser is not closed.

In a nutshell:

Session.Abandon(); cancels the current Session.

Session.Clear(); clears all values from Session state.

원하시면 의견을 남겨주세요

이 기사가 도움이되었고 올바르게 번역 되었습니까?

기타 팁

Session.Abandon() 

will destroy/kill the entire session.

Session.Clear()

removes/clears the session data (i.e. the keys and values from the current session) but the session will be alive.

Compare to Session.Abandon() method, Session.Clear() doesn't create the new session, it just make all variables in the session to NULL.

Session ID will remain same in both the cases, as long as the browser is not closed.

Some things to note here from my experience:

Session.Abandon() does not invalidate the current session. Old requests execute fine if you replay them.

But, after you call it, setting the contents of the abandoned session dictionary have no permanent effect. The next request gets a fresh new session dictionary (even if you use the same session ID by replaying a previous request) and none of your previous changes to it (after having called the method) are there.

So, it seems that Session.Abandon() totally stops the persistence of the entire session, while Session.Clear() only removes its data.

And, also, if you need to secure your application from replay attacks, you should add some logic that validates sessions and not depend on any of these built-in methods. Those seem to be meant for only managing the persistence of the session data, not for securing your application.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow