Session.Abandon and Session ID
I call Session.Abandon after a person completes an order. The users
session is expired and they have to relogin. Great! The issue is that the
sessionID stays the same. From what I understand, this is suppose to change
every time a new session is created. Is this true?
Session.Abandon only releases the memory used by session variables and
frees the server resources used by that session. Session ID is stored on the
client side (as a cookie) and is unaffected by the Abandon method. As such, the
session effectively restarts, but retains the session ID.