DeleteLogonSession function

Cleans up any logon sessions created while determining whether a user's authentication information is legitimate.

If the authentication fails, the authentication package should delete all related logon sessions.


NTSTATUS DeleteLogonSession(
  _In_ PLUID LogonId


LogonId [in]

Pointer to an LUID structure containing the session ID of logon session to delete.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Return codeDescription

The specified logon session has a reference count value that prevents it from being deleted. This is a serious problem, caused by both the operating system and authentication package believing they have authority over the logon session.


The specified logon session could not be found.


The LsaNtStatusToWinError function converts an NTSTATUS code to a Windows error code.


Because logon sessions use up memory in the kernel, any unused or discarded logon sessions should be deleted. However, logon sessions should not be deleted after a logon ID for the session has been returned to the LSA. After the LSA has been given a logon ID (for example, as a result of a LsaApLogonUser call), the LSA assumes it is responsible for the logon session and will delete it when the operating system no longer needs it. At this time, the LSA calls LsaApLogonTerminated to notify the authentication package that the session has been deleted.

In contrast, authentication packages are not notified when a logon session is deleted with DeleteLogonSession.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]



See also