How Works Asp.net Session_End

Question

In my asp.net web application when the user logged in i set an isLogged flag in db to true.

I use the Session_End method to set false isLogged flag when the Session expires ( after 120 min).

I test this method in multiple cases:

• When user closes the browser without click on logout button, after the timeout time the session_end do his job.
• Same thing happens when user lock his device, or his device go in standby.

My problem is that there are some users that "stay logged" if they don't click on logout button. I'm honest with you, i don't understand why session_end works when client device isn't connected to the website. I thought that the Server did the Session_end job, but if this is true, why for some users didn't work?

The reason could be the browser or the type of device ( mobile or not) ?

Answer 1

If you enabled sliding expiration for the session and the browser makes some permanent AJAX requests, then just leaving a browser window open can keep the session alive forever. As far as how the session end event works:

The Session_OnEnd subroutine is run when the Abandon method has been called or when the session has expired. A session expires when the number of minutes specified by the Timeout property passes without a request being made for the session.