generate own unique sessionid instead standard asp.net 120bit sessionid

A

Andy Mortimer [MS]

SessionID's are created in the SessionStateModule. To extend the session
state under ASP.NET you will need to write your own HTTP module and replace
the SessionStateModule in the machine.config. The SessionStateModule is
the module which provides all the session state functionality for ASP.NET.
The SessionStateModule is sealed so you cannot extend it. Perhaps they are
trying to tell us something? You can replace it; however, there is'nt any
documentation other than how to create a HTTP module to help you accomplish
this task. Unless you have a really really good argument for rolling your
own sessionid, I would stick with what has been provided for you.

Regards

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
 
R

Ronald

Hi Andy

Andy Mortimer said:
SessionID's are created in the SessionStateModule. To extend the session
state under ASP.NET you will need to write your own HTTP module and replace
the SessionStateModule in the machine.config. The SessionStateModule is
the module which provides all the session state functionality for ASP.NET.
The SessionStateModule is sealed so you cannot extend it. Perhaps they are
trying to tell us something? You can replace it; however, there is'nt any
documentation other than how to create a HTTP module to help you accomplish
this task. Unless you have a really really good argument for rolling your
own sessionid, I would stick with what has been provided for you.

We have the Problem, that the StateModule, when it runs in cookieless
SQLServer Mode, redirect to an existing foreign session instead of creating
a brand new session after site Request w/o SessionID in URL. That's a very
big Problem. I will now disable the reusage of sessionids.

Ronald

Regards

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
 
A

Andy Mortimer [MS]

Thats not something I've heard of. I was of the understanding that
sessionID values are generated using
an algorithm that guarantees uniqueness so that sessions do not collide.

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
 
A

Andy Mortimer [MS]

R

Ronald

Hi Andy,

Andy Mortimer said:

we have solved this problem. Once of our promotion partners linked to our
site through an banner with sessionid in the url. That was the reason for
'session collitions'. But it's still a problem that the sessionhandler
doesn't generate a new sessionid, if the url includes a valid sessionid
which actually not runs on the state server. I think, it's better, every
sessionstart generates a new sessionid, independ of the sessionid included
in requests url.
Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
 
A

Andy Mortimer [MS]

Good to hear you have solved your problem, but not to clear on what is
happening. If the stored sessionid in the banner wasn't getting a page
after the session had expried, then I think that is by design.

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,835
Latest member
KetoRushACVBuy

Latest Threads

Top