ASP.NET Kill Session By Id
"Is there a way to Kill an specific Application Session by the ID, forcing user to Log in again?"
No. You can only access the Session object of the user doing the current request (i.e. yourself), not other users Session objects.
So, you need to store the id of the user somewhere else, for example in a static collection. When the user makes the next request you can check if the id is in the collection, and update the permissions or log out the user.
Another alternative would be to keep the permission objects of all currently logged in users in a static collection as well as in their Session variable. That way you would be able to change the permission object without accessing the Session object of that user.
Using static variables in a web application of course comes with the usual precautions. As multiple threads can access it, the access has to be synchonised. Also, as Alexei Levenkov pointed out, if you have multiple servers you have to keep the data synchonised between the servers.
ASP.NET: How to end session when the user clicks log-out?
The Abandon method should work (MSDN):
Session.Abandon();
If you want to remove a specific item from the session use (MSDN):
Session.Remove("YourItem");
EDIT: If you just want to clear a value you can do:
Session["YourItem"] = null;
If you want to clear all keys do:
Session.Clear();
If none of these are working for you then something fishy is going on. I would check to see where you are assigning the value and verify that it is not getting reassigned after you clear the value.
Simple check do:
Session["YourKey"] = "Test"; // creates the key
Session.Remove("YourKey"); // removes the key
bool gone = (Session["YourKey"] == null); // tests that the remove worked
This is from Kelsey's AnswerClick Here
How can I kill a specific session? Where are they stored?
You have to control the session on the server side. On the server side you have access to the session id assigned to each new session.
So, when the user logs in, you store the assigned session id in the users table. He gets this session id.
In each request, you check if the session id is equals to the one stored on the database.
When the users issues another login, another session id is assigned by the server, right? You store this new session id on the user's table.
Afterwards, requests from the older session will be denied/redirected, since the session id is no longer valid. The old session id was replaced by the one of the last login.
How to remove specific session in asp.net?
There is nothing like session container , so you can set it as null
but rather you can set individual session element as null or ""
like Session["userid"] = null;
Related Topics
Why Can't I Reference System.Componentmodel.Dataannotations
Embedding Flash Player in a C++ or Java Application
How to Fix Ill-Formed HTML with HTML Agility Pack
How to Get All Input Elements in a Form with HTMLagilitypack Without Getting a Null Reference Error
Memorystream - Cannot Access a Closed Stream
The Controls Collection Cannot Be Modified Because the Control Contains Code Blocks (I.E. <% ... %>)
Code with Undefined Behavior in C#
How to Rewrite Complicated Lines of C++ Code (Nested Ternary Operator)
Perform Button Click Event When User Press Enter Key in Textbox
Default Value for Missing Properties with JSON.Net
Sharing Variables Between C# and C++
Using a Wwwroot Folder (ASP.NET Core Style) in ASP.NET 4.5 Project
Retrieve an Object from Entityframework Without One Field