1. this. Session ["username"] = null
HttpSessionState uses a collection object of the NameObjectCollection type to store user data. Therefore, using this. Session ["username"] = null only sets the value of this element to null and does not actually remove it from the Session. (Why? Dizzy ~~~ We recommend that you read C # Basic Books .)
The correct method is: this. Session. Remove ("username ");
Delete all data: this. Session. RemoveAll (); or this. Session. Clear ();
2. this. Session. Abandon ()
This method will cause the current Session to be canceled, and the system will trigger the Session_End event in Global. asax (only when Mode = InProc ).
Although the SessionID (possibly) does not change when the request is sent again, you will find that the Global. asax Session_Start event is triggered. You can also use this. Session. IsNewSession attribute to determine whether the current Session is re-created.
Because some components and controls may need to use Session information (such as using this. Session. SyncRoot for synchronization), do not use this method to clear the Session easily.
3. User Authentication
Do not use this. Session ["username"] = "ZhangSan", if (this. Session ["username"]! = Null) This method is neither secure nor unreasonable for user authentication. For more information about identity authentication, see the MSDN document or the article on rain marks.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
