how to change session id during login in asp.net core

Asked May 31 '19 at 11:02

Active Jun 03 '19 at 02:49

Viewed 948 times

I need to assign a new session Id as part of the login request on asp net core 2.2, this is required to prevent session hijacking.

The session.clear method leaves the cookie intact, and I can remove the session cookie using for example

Response.Cookies.Delete("ASP.NET_SessionId");

But this prevents the login from working, old asp net used to have a session abandon but I cant see an equivalent.

Any help appreciated. Thanks

asked May 31 '19 at 11:02

Chris Small

At currently , there is no obvious counterpart to the pre-ASP.NET Core Abandon method which ends the session. if Delete cookie is not acceptable in your scenario , the only way is to check whether session is empty on server side and write some logic . – Nan Yu Jun 03 '19 at 03:07
Kindly check this link. https://stackoverflow.com/questions/1368403/generating-a-new-asp-net-session-in-the-current-httpcontext – SUNIL DHAPPADHULE Jun 03 '19 at 03:30
Does this answer your question? [Session Fixation - Change sessionId on asp.net core 2](https://stackoverflow.com/questions/47335370/session-fixation-change-sessionid-on-asp-net-core-2) – display-name Feb 13 '20 at 16:00

0 Answers0