Overview :
I created a system that have Customer area and Admin area. Both areas have different log-in page. A user can be logged in as User A in Admin area at the same time logged in as User B in Customer area.
When a user log-out from either Customer or Admin area, Session.Abandon() is called and it removes session in both Customer and Admin area which I don’t want to happen
Question : Can I abandon session on log-out without affecting other area’s session ? (i.e : When I log out from Customer area, I should stay logged-in in Admin area)
Update : I know Session.Clear() can be a workaround for this, but I’m afraid of the security risks it might impose.
The core of the problem is that normally for one asp web application there is only one session (*) per the physical user’s browser. Without some really serious modifications to the site/frame/servercode structure, you are not able to create and mantain several parallel sesisons. Even your “.Session” hashmap provided by Pages and Controls always show the same keys/values..
Some parts of your web app may use different keys and thus emulate “layers” or “modules” that does not intersect, but still this is only one storage..
Thus, if you call Session-Abandon, you lose all – because it wa only one session out there..
The only thing youcan do is to manually selectively clear the proper entries, like Rolice answered here in parallel:)
(*) actually, when you do a Session-Abandon you are not removing/destroying the session. There still is an exactly one session. It has just forgotten all the data and now it is “empty” = so, like new. Well, ok, it maybe removes the old cookies, I dont remember, but they will be re-created with new fresh keys instantly upon next page render, so … rather immediatelly.