1

It appears that Chrome is not deleting session cookies (see this question); this includes the ones set by IIS for session handling.

When I look at the cookie store for my page I see a large number of these old ASP session ID cookies. When I process a log out, would it be a good idea to use JavaScript to remove these from the browser?

Can I please ask that when answering you provide reasoning so that other readers can understand why you are for or against?

Community

1 Answer

0

If they are classic ASP sessions, they will expire based on the session timeout property you set for them, or the default IIS session timeout variable you set.

You won't be able to manipulate the session cookies using JS alone because they are generated with random names. You could use JS to delete the cookies, but it's far easier to use the `Session.Abandon` method and ASP should just remove the sessions. If for some reason the sessions are still not being removed, try an incognito browser as it might be something going on with your browser not deleting cookies properly.

Lastly, you can disable session state on parts of your ASP application, specifically for portions of the site that don't need sessions. You can even get crazy with it and use a different subdomain for sessions so that you don't pass the cookies with each request.

Frank
  • Running a regex over the contents of document.cookie to find all cookies that start with "ASPSESSIONID" appears to be an easy way to find them. – user2113770 Jan 28 '15 at 03:42
  • The key issue is that these are session cookies and hence IIS is not setting an expiry for them. Chrome appears to only delete cookies that have an expiry. The key question here is: should I tidy up the session cookie that the server has created as part of its session management? – user2113770 Jan 28 '15 at 03:49
  • For server performance it won't matter, because IIS will let go of the sessions when they expire. What I mean is if IIS is keeping track of the sessions with a timeout of 20 minutes, after 20 minutes the session cookies mean nothing to IIS and the session has expired. As for the issue of Chrome not cleaning up the sessions, you could use the JavaScript regex method you stated, but the only benefit would be to reduce the amount of header info being sent with each request. – Frank Feb 06 '15 at 05:15
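
The client-side cleanup discussed in this thread, as an added example that is not code from the question or the answer: it finds every cookie whose name starts with "ASPSESSIONID" and overwrites it with an expiry date in the past. The function names, the sample cookie string and the `/` path are assumptions; a cookie flagged HttpOnly never appears in `document.cookie` and cannot be cleared this way, and the path in the expiry directive has to match the path the cookie was set with.

```javascript
// Added example. Function names, SAMPLE and the default path are assumptions.
const ASP_SESSION_PREFIX = /^ASPSESSIONID/;

// Split a document.cookie-style string ("a=1; b=2") into cookie names.
function cookieNames(cookieString) {
  return cookieString
    .split(';')
    .map(pair => pair.trim())
    .filter(pair => pair.length > 0)
    .map(pair => {
      const eq = pair.indexOf('=');
      return eq === -1 ? pair : pair.slice(0, eq);
    });
}

// Names of all cookies that look like classic ASP session cookies, de-duplicated.
function aspSessionCookieNames(cookieString) {
  const seen = new Set();
  for (const name of cookieNames(cookieString)) {
    if (ASP_SESSION_PREFIX.test(name)) seen.add(name);
  }
  return [...seen];
}

// The string to assign to document.cookie so the browser drops the cookie.
function expiryDirective(name, path = '/') {
  return `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${path}`;
}

// Expire every visible ASP session cookie; returns the names it touched.
// `doc` is anything with a `cookie` property (the real `document` in a browser).
function clearAspSessionCookies(doc, path = '/') {
  const names = aspSessionCookieNames(doc.cookie);
  for (const name of names) {
    doc.cookie = expiryDirective(name, path);
  }
  return names;
}

// Constructed sample of what document.cookie might contain after several sessions.
const SAMPLE =
  'theme=dark; ASPSESSIONIDQQABCDEF=AAAA; ASPSESSIONIDSSGHIJKL=BBBB; NOTASPSESSIONIDX=1';

// In a logout handler in the browser: clearAspSessionCookies(document);
```

This only removes the browser's copies; the server-side session is ended by `Session.Abandon` or by the IIS timeout, as the answer describes.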