Destroying ASP Sessions

Question

The project I'm working on is integrating PHP written features / pages into an ASP written site. I'm trying to create a piece of ASP code that destroys ASP sessions when I'm on my PHP pages. I have no prior experience with ASP so forgive me for my ignorance.

So, what I plan to do is to create a simple html link on my PHP pages the points to an ASP page which I want to use to destroy the ASP sessions. I've tried doing the method Session.Abandon, set Session("name") = nothing, and Session("name") = "nothing". Unfortunately, all these methods do not work.

I'm at a lost and I've searched everywhere what could possibly be wrong. Ideas anyone?

Thanks in advance!

UPDATE: Is it a factor that the Sessions are originally created from a VBScript?

oh sorry forgot to mention that.. Tried that too... still won't work. — JakeTheSnake, Aug 23 '14 at 11:03
http://stackoverflow.com/questions/5330268/how-to-kill-a-session-or-session-id-asp-net-c — arunrc, Aug 23 '14 at 11:07
I've been there already.. tried all of those things.. unfortunately they generate error when I put ";" after every line of code. — JakeTheSnake, Aug 23 '14 at 11:10
@JakeTheSnake that's because VBScript does not have ";", it's using a totally different syntax. Either learn VBScript, or write classic ASP with JScript which has syntax more like PHP. — Shadow The GPT Wizard, Aug 24 '14 at 13:05
Instead of `session("name")= "nothing"`, try `session("name")=""` — John, Aug 24 '14 at 14:24
How exactly have you verified that the _session_ isn't destroyed with a call to Session.Abandon ? — Thomas Kjørnes, Aug 24 '14 at 22:29
@Thomas after the Session.Abandon script I redirect to the ASP pages (homepage). The dashboard is still accessible from there which occurs when there is session. — JakeTheSnake, Aug 26 '14 at 01:41
can you try to output Session.SessionID to see if it stays the same? — Thomas Kjørnes, Aug 26 '14 at 20:16
@Thomas hmmmmmm.... I haven't tried that... I will now thanks... — JakeTheSnake, Aug 28 '14 at 01:30

score 1 · Answer 1 · answered Aug 25 '14 at 03:29

1

In classic ASP, use Session.Abandon

answered Aug 25 '14 at 03:29

Control Freak

12,965
30
94
145

This is the very first solution I tried. Unfortunately still doesn't work for me. – JakeTheSnake Aug 26 '14 at 01:42
Interesting, this is the only way I've found that actually does what it's supposed to do, whereas `Remove` and `RemoveAll` has failed me. How busy is your application? – Control Freak Aug 27 '14 at 16:24
It should be fairly busy. Is there a reason why that's a factor? – JakeTheSnake Aug 28 '14 at 01:32
Not whether it should be, but is it while this method isn't working? How are you testing this? – Control Freak Aug 28 '14 at 04:15
And yes, it is a factor. There's something called Memory Leaks. Where do you think Session data is stored? That's why people disable Sessions and use cookies instead. – Control Freak Aug 30 '14 at 02:02

score 1 · Answer 2 · answered Aug 28 '14 at 13:45

1

All you need to do is on the page you want the sessions to be dismissed from use:

Session.Contents.RemoveAll()

This will instantly clear all session's you have as soon as the page is run

answered Aug 28 '14 at 13:45

ByronMcGrath

365
2
3
20

score 0 · Answer 3 · answered Aug 26 '14 at 15:05

0

Perhaps these are not working because you are not "taking a trip to the server"? In other words, if you are on a page that has this code:

session("s_name_user")="mommy"
session.abandon
print session("s_name_user") 'hahaha

Then it will look like session.abandon did not work because the session variable retained its value. BUT if you do this:

session("s_name_user")="mommy"
session.abandon
response.redirect("page2.asp")

and page2.asp has this:

print session("s_name_user") 'hahaha

then we will see the session variable lost its value. By the way, don't try the "print" command.

answered Aug 26 '14 at 15:05

ScotterMonkey

1,007
12
25

1

This probably is it. I'd still have to try it though. But, you are spot on, I redirect it back to PHP page. Please standby for upvote :) – JakeTheSnake Aug 28 '14 at 01:35
Is it relevant to say that the Sessions are originally created from the VBScript? – JakeTheSnake Sep 06 '14 at 10:00
Replace Print with Response.Write perhaps? – easleyfixed May 02 '22 at 20:11

score 0 · Answer 4 · answered Sep 20 '17 at 15:31

If you want to remove the content of a specific session, you should use Session.Contents.Remove("session_name"). If you want to remove all of the session's contents, you should use Session.Contents.RemoveAll(). If you want to remove all the sessions including their content, you should use Session.Abandon. Once you removed or added any session, you can run the following code to see all of the active sessions:

Response.Write("Total Session: " & Session.Contents.Count & "<hr>")
For Each item in Session.Contents
    Response.Write(item & ": " & Session.Contents(item) & "<br>")
Next

Destroying ASP Sessions

4 Answers4