Does HttpContext.Current.Session gets destroyed when AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

Question

I have HttpContext.Current.Session["CurrentUser"] = user; somewhere in my code and in the logout I have this

public ActionResult LogOff()
{
           AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
            return RedirectToAction("Index", "Home");
}

I just want to make sure that HttpContext.Current.Session is also destoyed when I logoff. If not then how do it destroy it?

[MSDN](https://msdn.microsoft.com/en-us/library/ms178581.aspx) suggest to call session `Abandon()` after logout. Refer the third note in the link. — Siva Gopal, Feb 18 '17 at 03:14

score 1 · Accepted Answer · edited May 23 '17 at 12:17

1

I think the server will hold on to Session data for 20 minutes by default, unless you do something explicit.

But you can clear particular Session variables on logout or abandon the session.

See here for more info: What is the difference between Session.Abandon() and Session.Clear()

edited May 23 '17 at 12:17

Community

1
1

answered Feb 18 '17 at 03:09

Glenn Ferrie

10,290
3
42
73

Does HttpContext.Current.Session gets destroyed when AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

1 Answers1