generate own unique sessionid instead standard asp.net 120bit sessionid

Discussion in 'ASP .Net' started by Ronald, Feb 6, 2004.

  1. Ronald

    Ronald Guest

    howto

    thanx
    Ronald
     
    Ronald, Feb 6, 2004
    #1
    1. Advertising

  2. SessionID's are created in the SessionStateModule. To extend the session
    state under ASP.NET you will need to write your own HTTP module and replace
    the SessionStateModule in the machine.config. The SessionStateModule is
    the module which provides all the session state functionality for ASP.NET.
    The SessionStateModule is sealed so you cannot extend it. Perhaps they are
    trying to tell us something? You can replace it; however, there is'nt any
    documentation other than how to create a HTTP module to help you accomplish
    this task. Unless you have a really really good argument for rolling your
    own sessionid, I would stick with what has been provided for you.

    Regards

    Andy Mortimer [MS]
    Please do not send email directly to this alias. This alias is for
    newsgroup purposes only

    This posting is provided "AS IS" with no warranties, and confers no rights.
    OR if you wish to include a script sample in your post please add "Use of
    included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm"
     
    Andy Mortimer [MS], Feb 9, 2004
    #2
    1. Advertising

  3. Ronald

    Ronald Guest

    Hi Andy

    "Andy Mortimer [MS]" <> wrote in message
    news:...
    > SessionID's are created in the SessionStateModule. To extend the session
    > state under ASP.NET you will need to write your own HTTP module and

    replace
    > the SessionStateModule in the machine.config. The SessionStateModule is
    > the module which provides all the session state functionality for ASP.NET.
    > The SessionStateModule is sealed so you cannot extend it. Perhaps they are
    > trying to tell us something? You can replace it; however, there is'nt any
    > documentation other than how to create a HTTP module to help you

    accomplish
    > this task. Unless you have a really really good argument for rolling your
    > own sessionid, I would stick with what has been provided for you.
    >


    We have the Problem, that the StateModule, when it runs in cookieless
    SQLServer Mode, redirect to an existing foreign session instead of creating
    a brand new session after site Request w/o SessionID in URL. That's a very
    big Problem. I will now disable the reusage of sessionids.

    Ronald


    > Regards
    >
    > Andy Mortimer [MS]
    > Please do not send email directly to this alias. This alias is for
    > newsgroup purposes only
    >
    > This posting is provided "AS IS" with no warranties, and confers no

    rights.
    > OR if you wish to include a script sample in your post please add "Use of
    > included script samples are subject to the terms specified at
    > http://www.microsoft.com/info/cpyright.htm"
    >
    >
     
    Ronald, Feb 9, 2004
    #3
  4. Thats not something I've heard of. I was of the understanding that
    sessionID values are generated using
    an algorithm that guarantees uniqueness so that sessions do not collide.

    Andy Mortimer [MS]
    Please do not send email directly to this alias. This alias is for
    newsgroup purposes only

    This posting is provided "AS IS" with no warranties, and confers no rights.
    OR if you wish to include a script sample in your post please add "Use of
    included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm"
     
    Andy Mortimer [MS], Feb 9, 2004
    #4
  5. Not sure if this is pertinent?

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;822162

    Andy Mortimer [MS]
    Please do not send email directly to this alias. This alias is for
    newsgroup purposes only

    This posting is provided "AS IS" with no warranties, and confers no rights.
    OR if you wish to include a script sample in your post please add "Use of
    included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm"
     
    Andy Mortimer [MS], Feb 9, 2004
    #5
  6. Ronald

    Ronald Guest

    Hi Andy,

    "Andy Mortimer [MS]" <> wrote in message
    news:...
    > Not sure if this is pertinent?
    >
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;822162
    >


    we have solved this problem. Once of our promotion partners linked to our
    site through an banner with sessionid in the url. That was the reason for
    'session collitions'. But it's still a problem that the sessionhandler
    doesn't generate a new sessionid, if the url includes a valid sessionid
    which actually not runs on the state server. I think, it's better, every
    sessionstart generates a new sessionid, independ of the sessionid included
    in requests url.

    > Andy Mortimer [MS]
    > Please do not send email directly to this alias. This alias is for
    > newsgroup purposes only
    >
    > This posting is provided "AS IS" with no warranties, and confers no

    rights.
    > OR if you wish to include a script sample in your post please add "Use of
    > included script samples are subject to the terms specified at
    > http://www.microsoft.com/info/cpyright.htm"
    >
     
    Ronald, Feb 17, 2004
    #6
  7. Good to hear you have solved your problem, but not to clear on what is
    happening. If the stored sessionid in the banner wasn't getting a page
    after the session had expried, then I think that is by design.

    Andy Mortimer [MS]
    Please do not send email directly to this alias. This alias is for
    newsgroup purposes only

    This posting is provided "AS IS" with no warranties, and confers no rights.
    OR if you wish to include a script sample in your post please add "Use of
    included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm"
     
    Andy Mortimer [MS], Feb 23, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrice Scribe

    SessionID - How unique it is now ?

    Patrice Scribe, Nov 3, 2003, in forum: ASP .Net
    Replies:
    6
    Views:
    547
    Patrice Scribe
    Nov 5, 2003
  2. Jake Barnes
    Replies:
    1
    Views:
    425
    Andy Dingley
    Nov 14, 2005
  3. ToshiBoy
    Replies:
    6
    Views:
    858
    ToshiBoy
    Aug 12, 2008
  4. Dan Thompson

    Need ASP script to Generate Unique Session ID

    Dan Thompson, Dec 7, 2009, in forum: ASP General
    Replies:
    4
    Views:
    1,497
    Neil Gould
    Dec 8, 2009
  5. Token Type
    Replies:
    9
    Views:
    364
    Chris Angelico
    Sep 9, 2012
Loading...

Share This Page