Question:

When a user accesses an application on my site, a sessionID is generated. After the application is accessed the user leaves the machine alone until the session times out. I know the session expired, since I have session_onend logging the occurrence to a database. If the user left his browser open and wants to view my application again, the old sessionID is used. If he closes the browser and opens it again, a new sessionID is created. How can I force a new session to be created the browser is left open?

Answer:

Use the Session.Abandon method to force the end of a session. Then immediately change the current page (use a response.redirect) to start a new session with a new session Id.

<% Session.Abandon    Response.Redirect "The home page url"%>