Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
, Cookie 。 Cookie。

, Cookie( )。 , Cookie。 (login.aspx) ID, Cookie 。 , Cookie 。 , 。 Cookie “Response.Redirect” 。 Cookie ASP.NET_SessionId , Cookie , “Response.Redirect” 。 。

, Cookie , 。 , ASP.NET Cookie Cookie , “FormsAuthentication” Cookie 。 , 5 。
private void Page_Load(object sender, System.EventArgs e)

{

if( !IsPostBack &&

( Request.Cookies["__LOGINCOOKIE__"] == null ||

Request.Cookies["__LOGINCOOKIE__"].Value == "" ) )

{

//At this point, we do not know if the session ID that we have is a new

//session ID or if the session ID was passed by the client.

//Update the session ID.

Session.Abandon();

Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

//To make sure that the client clears the session ID cookie, respond to the client to tell

//it that we have responded. To do this, set another cookie.

AddRedirCookie();

Response.Redirect( Request.Path );

}

//Make sure that someone is not trying to spoof.

try

{

FormsAuthenticationTicket ticket =

FormsAuthentication.Decrypt( Request.Cookies["__LOGINCOOKIE__"].Value );

if( ticket == null || ticket.Expired == true )

throw new Exception();

RemoveRedirCookie();

}

catch

{

//If someone is trying to spoof, do it again.

AddRedirCookie();

Response.Redirect( Request.Path );

}

Response.Write("Session.SessionID="+Session.SessionID+"<br/>");

Response.Write("Cookie ASP.NET_SessionId="+Request.Cookies["ASP.NET_SessionId"].Value+"<br/>");

}

private void RemoveRedirCookie()

{

Response.Cookies.Add(new HttpCookie("__LOGINCOOKIE__", ""));

}

private void AddRedirCookie()

{

FormsAuthenticationTicket ticket =

new FormsAuthenticationTicket(1,"Test",DateTime.Now,DateTime.Now.AddSeconds(5), false,"");

string encryptedText = FormsAuthentication.Encrypt( ticket );

Response.Cookies.Add( new HttpCookie( "__LOGINCOOKIE__", encryptedText ) );

}

     :Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
    Session.Abandon();  Session.clear();       ,        
 


 
            Session.Abandon ,   Session_End  (InProc   )。
            Session_Start  。
 Session.Clear    Session            Session,           。
Session.Abandon()            , clear()