24

I want to sign out a user when his session times out. So used following code in Global.asax:

protected void Session_End(object sender, EventArgs e)
{
    FormsAuthentication.SignOut();
}

But seems session_end never fires. Any idea how can fix it? I'm using ASP.NET with default settings.

Afshar Mohebi
  • 10,479
  • 17
  • 82
  • 126
  • 3
    Did you really wait 20 minutes for that to event to fire? – leppie Jan 27 '11 at 06:42
  • @leppie: definitely yes! I also replaced that line with this: "throw new Exception("");" but still does not work. – Afshar Mohebi Jan 27 '11 at 06:50
  • @InSane: How can ensure this? I know my session really expires after a specific time. So it seems that it is InProc – Afshar Mohebi Jan 27 '11 at 06:51
  • To ensure your session state mode, goto your web.config file and find a tag called SessionState. There will be an attribute named mode="" If the value of your attribute is In-Proc, only then this event will fire. For anything else event will not fire. – Subhash Dike Jan 27 '11 at 06:53
  • @Subhasg Dike, @InSane: I have not such a thing in web.config. What's the default value? – Afshar Mohebi Jan 27 '11 at 06:57
  • 1
    @afsharm - It would be defaulted based on your machine.config value. Should be "Inproc" most likely. Thats usually the default – Jagmag Jan 27 '11 at 06:59

5 Answers5

45

You may set some Session data in Session_Start. Without this, Session_End will not be fired. see this

Also another very important thing to note here is that if you do not save anything in the session the Session_End event will not fire. There must be something saved in the session atleast once for the Session_End event to fire. This also means that if you save something in the session in the first request and abandon the session in the same request the Sesison_End event will not fire, as there was nothing saved in the session ever.

polach.o
  • 652
  • 8
  • 16
  • Very interesting; something I did not know. Also makes a lot of sense. IMHO, this is the answer. – Shawn J. Molloy Jan 31 '13 at 22:11
  • 2
    I have the same Problem but I do save something (Session["abc"] = "xyz";) in Session_Start. But it does not work. :( – Ephedra Jul 08 '15 at 10:36
  • 4
    The Session_OnEnd event is not supported if the session Mode property is set to a value other than InProc, which is the default mode. Is it your case? – polach.o Jul 09 '15 at 06:27
  • I'll add that simply doing `var sessionID = Session.SessionID` inside of Session_Start was enough to get Session_End to fire for me. – Julian Jocque Apr 28 '16 at 19:26
10

In your web.config you need to have the sessionState element as a child of the element

<configuration>
     <system.web>
          <sessionState mode="InProc" />
          .....
     </system.web>
</configuration>
TheGeekYouNeed
  • 7,509
  • 2
  • 26
  • 43
  • 3
    Also worth nothing is that Session_End does NOT work with any sessionState other than InProc. – Phill Jan 27 '11 at 08:54
  • I changed the session to InProc. But session_end does not fire yet. – Afshar Mohebi Jan 27 '11 at 09:07
  • 3
    Are you running this in IIS or in Visual Studio, if it's in VisualStudio with the WebDev then you wont see the event fire. To test it you will need to put your website in IIS and attach the debugger to w3wp.exe – Phill Jan 27 '11 at 09:33
6

I don't know if it is a feature or bug. Or may be I don't understand enough session managment in ASP.NET. But this is what I found.

Session_End does not fire in ASP.NET MVC 4 (with default settings for sessionState element in web.config) if Session_Start is not declared.

So you need declare Session_Start to catch Session_End :)

protected void Session_Start(Object sender, EventArgs e) { }

protected void Session_End(Object sender, EventArgs e) {
  Debug.WriteLine("End. " + Session.SessionID);
}
BStill
  • 894
  • 1
  • 9
  • 33
resnyanskiy
  • 1,607
  • 1
  • 24
  • 24
1

Are you sure that it never fires ?

As I understand it Session_End has nothing to do with the current request because ASP.NET session is terminated by the timeout AFTER the last request from the client has arrived. The call to FormsAuthenticaion.SignOut manipulates authentication cookies and therefore has no effect without any connectivity from the client (browser).

Take a look at this question (which has an answer) - the problem is more or less similar to yours so you might find a right solution:

Session_End in Global.asax.cs not firing using forms authentication

Hope this helps.

Community
  • 1
  • 1
volpav
  • 5,090
  • 19
  • 27
0

I dont know how its working, but it will fire when i close my browser after time out period. 

  public void Session_End(Object sender, SessionEndedEventArgs e)
  {
  }

Call this from 

  Application_Start() Event

  SessionEndModule.SessionEnd += new SessionEndEventHandler(Session_End);
Haris N I
  • 6,474
  • 6
  • 29
  • 35