000024590 - AXM - ASP.NET Session Variables still available after logging out.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000024590
Applies To: ClearTrust Web Agent IIS V4.6 Agent
ASP.NET Application

Issue

AXM - ASP.NET Session Variables still available after logging out.
A logged-out user does not close the browser, and the next user of the .NET application appears to pick up the previous user's session variables.

CT_REMOTE_USER appears to be updated between the sessions.

Resolution

In the Global.asax file of the ASP.NET project, add the following event handler:

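Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)
      ' Requests whose handler has no session state have Context.Session = Nothing; skip them.
      If Context.Session Is Nothing Then Return
      ' HTTP_CT_REMOTE_USER: user reported by the Web Agent. Session("userid"): user id stored in the session.
      If Request.ServerVariables("HTTP_CT_REMOTE_USER") <> Session("userid") Then
            ' A different user is on this session: discard it and reload the same URL.
            Session.Abandon()
            Response.Redirect(Request.ServerVariables("url"))
      End If
End Sub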
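
A fuller Global.asax code-behind for the same check, as an added example and not RSA's own code. It assumes the application keeps the user id in Session("userid"), that the session cookie uses the ASP.NET default name ASP.NET_SessionId, and a code-behind class named Global_asax; the Session_Start binding and the cookie expiry go beyond the handler above.

```vbnet
' Global.asax.vb - added example, not from the original article.
' Assumptions: the user id lives in Session("userid"); the session cookie
' keeps the ASP.NET default name "ASP.NET_SessionId".
Imports System
Imports System.Web

Public Class Global_asax
    Inherits HttpApplication

    Private Const AgentUserVariable As String = "HTTP_CT_REMOTE_USER"
    Private Const SessionCookieName As String = "ASP.NET_SessionId"

    ' Bind every new session to the user the Web Agent reported when it started.
    ' Session_Start runs before PreRequestHandlerExecute, so a fresh session
    ' always passes the comparison below and the redirect cannot loop.
    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
        Session("userid") = Request.ServerVariables(AgentUserVariable)
    End Sub

    Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)
        ' Handlers without session state (for example static files) have no session.
        If Context.Session Is Nothing Then Return

        Dim agentUser As String = Request.ServerVariables(AgentUserVariable)
        Dim sessionUser As String = TryCast(Session("userid"), String)

        ' Same user as the one the session was created for: nothing to do.
        If String.Equals(agentUser, sessionUser, StringComparison.Ordinal) Then Return

        ' The agent now reports a different user than the session owner.
        ' Drop the previous user's variables and end the session.
        Session.Clear()
        Session.Abandon()

        ' Session.Abandon() alone leaves the old session id in the browser.
        ' Expire the cookie so the next request is issued a new id.
        Dim expired As New HttpCookie(SessionCookieName, String.Empty)
        expired.Expires = DateTime.Now.AddYears(-1)
        Response.Cookies.Add(expired)

        ' Reload the same URL; the new request starts a session for agentUser.
        Response.Redirect(Request.RawUrl, True)
    End Sub
End Class
```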

Notes

The Global.asax file is the central point for ASP.NET applications. It provides numerous events to handle various application-wide tasks such as user authentication, application start up, and dealing with user sessions. The Global.asax file is in the root application directory. While Visual Studio .NET automatically inserts it in all new ASP.NET projects, it's actually an optional file.

Legacy Article ID: a38742
