出于安全目的,我在用户登录后重新生成了会话。但是Session_End事件调用了两次,一次是旧会话,一次是新会话。如何限制旧事件调用的Session_End事件?
我使用以下代码来生成新会话。
// code to generate new session
SessionIDManager sessionManager = new SessionIDManager();
string oldSessionId = sessionManager.GetSessionID( Context );
string newSessionId = sessionManager.CreateSessionID( Context );
bool isCookieAdded = false, isRedirected = false;
sessionManager.SaveSessionID( Context, newSessionId, out isRedirected, out isCookieAdded );
HttpApplication application = HttpContext.Current.ApplicationInstance;
SessionStateModule sessionStateModule = (SessionStateModule) application.Modules.Get( "Session" );
FieldInfo[] fields = sessionStateModule.GetType().GetFields( BindingFlags.NonPublic | BindingFlags.Instance );
SessionStateStoreProviderBase store = null;
FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;
//Iterating the fields in Session State Module object and assign the field values to local variables.
foreach( System.Reflection.FieldInfo field in fields )
{
if( field.Name.Equals( "_store" ) )
{
store = (System.Web.SessionState.SessionStateStoreProviderBase) field.GetValue( sessionStateModule );
}
if( field.Name.Equals( "_rqId" ) )
{
rqIdField = field;
}
if( field.Name.Equals( "_rqLockId" ) )
{
rqLockIdField = field;
}
if( field.Name.Equals( "_rqSessionStateNotFound" ) )
{
rqStateNotFoundField = field;
}
}
object lockId = rqLockIdField.GetValue( sessionStateModule );
//Release the lock in the session data store.
if( ( lockId != null ) && ( oldSessionId != null ) )
{
store.ReleaseItemExclusive( Context, oldSessionId, lockId );
}
rqStateNotFoundField.SetValue( sessionStateModule, true );
rqIdField.SetValue( sessionStateModule, newSessionId );