i am new to DNN and found it's very handy(round applause to the team!). however, one thing always puzzle me is its session control. e.g. in my previous .NET application dev experiences, when one restart IIS, all the sessions variables and user login info would be erased, but it doesn't look like the case for DNN(keeping cache somewhere?).  also another issue is, when someone logout and login, some of my custom modules' session variables are still kept (i thought all session variables would be destroyed automatically, including those initiated from custom modules?)

perhaps someone could tell what's the mechanism DNN uses in session/cache control?

thank you very much

thanks for the quick reply!

so if i understand correctly, when someone clicks 'logout', basically it's only removing/expiring this form authentication cookies but all session variables set in any customized modules remain and must be explicitly remove?

so when iis reset, these cookies would still remain. what's the best way you would suggest me to do if i want to ensure these are deleted when IISReset.

now it also triggers a question in mind: supposingly i have two users using the same machine and open two different browsers on the same machine, login to a DNN application separately. i found out that both users would behave separately (e.g. browser A on the computer as a regular user see regular user screens; browser B login as admin on the same computer and see admin screen). in some situations this is handy but in our applications, this is not very well. what would be the best solution to forbidden such sceanrio to happen(e.g. in Yahoo Mail, i think if cases like that and 2nd user login again on the same machine, it would automatically take over and presume all screens to be based on 2nd user's login criteria).

thank you in advance.