Monday, March 9, 2015

ASPNET Sessions and Response Redirect - Why logins do not always work after logging off

This is the first time that I got around to building a custom login user control. Typically, I build the login as part of the master page. Because of this change, there was a problem I ran into while testing the code. The issue was that I was unable to log into my application right after I log off. I can log in in the very first session or login again after it fails.

This issue is not a huge deal but can interfere with the user experience which makes it a big deal. But how often does a user log right in after logging off? This should not happen often and the user will likely naturally try again.

Any case, I found that I cannot Clear and Abandon a session in the same page transaction as I set a new session. Essentially, I found that this issue occurred only on the logoff page. I can log in twice because the page is redirected to the home page after the first attempt thus leaving the logoff page.


Summary

Not IsPostBack will prevent the issue that I ran into. Executing session's clear and abandon will trump any sessions set within the same page transaction, even if it is "executed" earlier in the code. By using Not IsPostBack will prevent the clear and abandon code to be executed when the Page_Load method is executed after clicking on the submit button.



Off-shoot issue

I had ran into a different problem earlier in my career (I think this may already have been fixed in the later .NET Framework versions), but in case the above does not help... here is an article that provides detail on using sessions and page redirects.


Reference