Need ASP script to Generate Unique Session ID

Discussion in 'ASP General' started by Dan Thompson, Dec 7, 2009.

  1. Dan Thompson

    Dan Thompson Guest

    Hello I am still quite new to ASP and I am wondering if anyone can help ?
    I am trying to write a ASP script to put into my website that will generate
    a random and unique Session ID that is stored in a cookie on the clients end
    for the duration of time they are logged into my website. Can anyone provide
    me with a simple ASP script to do this or at least provide some insight on
    how to go about doing this ?

    Dan Thompson
     
    Dan Thompson, Dec 7, 2009
    #1
    1. Advertising

  2. Dan Thompson

    Evertjan. Guest

    =?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in
    microsoft.public.inetserver.asp.general:

    > Hello I am still quite new to ASP and I am wondering if anyone can
    > help ? I am trying to write a ASP script to put into my website that
    > will generate a random and unique Session ID that is stored in a
    > cookie on the clients end for the duration of time they are logged
    > into my website. Can anyone provide me with a simple ASP script to do
    > this or at least provide some insight on how to go about doing this ?


    ASP will do this by itself.

    <%
    Response.Write Session.SessionID
    %>

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Dec 7, 2009
    #2
    1. Advertising

  3. Dan Thompson

    Dan Thompson Guest

    I thought I would clarify more what I am looking for so here is the deal.

    I already have a Login.asp page where the user can type in login information
    then I have a verify.asp page that verify's the user login info with the
    username and password information in MySQL database.
    The problem is I need a unique user ID and I could just use some sort of
    random user ID number generator function into MySQL as a primary key (userID)
    but once the number has been generated for new user that has been added to
    MySQL database that user ID is going to be the same for as long as the user
    exists in the database.
    I would much rather just have my verify page verify that the username and
    password are correct and than have ASP assign a session ID to that user for
    the duration that they are on my website that way it is more secure and less
    likely that someone could guess the URL as the session ID number would only
    be valid for the duration that the proper user is logged into the site and
    would be a different number the next time that same user log's into the site.

    Please can anyone help with this question ?

    Dan Thompson

    "Dan Thompson" wrote:

    > Hello I am still quite new to ASP and I am wondering if anyone can help ?
    > I am trying to write a ASP script to put into my website that will generate
    > a random and unique Session ID that is stored in a cookie on the clients end
    > for the duration of time they are logged into my website. Can anyone provide
    > me with a simple ASP script to do this or at least provide some insight on
    > how to go about doing this ?
    >
    > Dan Thompson
     
    Dan Thompson, Dec 7, 2009
    #3
  4. Dan Thompson

    Evertjan. Guest

    =?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in
    microsoft.public.inetserver.asp.general:

    > I thought I would clarify more what I am looking for so here is the
    > deal.
    >
    > I already have a Login.asp page where the user can type in login
    > information then I have a verify.asp page that verify's the user login
    > info with the username and password information in MySQL database.
    > The problem is I need a unique user ID and I could just use some sort
    > of random user ID number generator function into MySQL as a primary
    > key (userID) but once the number has been generated for new user that
    > has been added to MySQL database that user ID is going to be the same
    > for as long as the user exists in the database.
    > I would much rather just have my verify page verify that the username
    > and password are correct and than have ASP assign a session ID to that
    > user for the duration that they are on my website that way it is more
    > secure and less likely that someone could guess the URL as the session
    > ID number would only be valid for the duration that the proper user is
    > logged into the site and would be a different number the next time
    > that same user log's into the site.
    >
    > Please can anyone help with this question ?


    As I told you, the session.id is unique and available during the whole
    session.

    I do not see the problem that the user also has his unique serial nmber
    in your database, you can just assign that nummber to a session variable,
    that is not available to the outside world, but uniquely identifies your
    user during a single or multiple sessions.

    Ofcourse, you should not use that number as a determinant for the session
    in a querystring or post data. That is where session cookies come in to
    hold the Session.id value.

    Are you afraid of cookies, perhaps?

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Dec 7, 2009
    #4
  5. Dan Thompson

    Neil Gould Guest

    Hi Dan,

    Dan Thompson wrote:
    > I thought I would clarify more what I am looking for so here is the
    > deal.
    >
    > I already have a Login.asp page where the user can type in login
    > information then I have a verify.asp page that verify's the user
    > login info with the username and password information in MySQL
    > database.
    > The problem is I need a unique user ID and I could just use some sort
    > of random user ID number generator function into MySQL as a primary
    > key (userID) but once the number has been generated for new user that
    > has been added to MySQL database that user ID is going to be the same
    > for as long as the user exists in the database.
    > I would much rather just have my verify page verify that the username
    > and password are correct and than have ASP assign a session ID to
    > that user for the duration that they are on my website that way it is
    > more secure and less likely that someone could guess the URL as the
    > session ID number would only be valid for the duration that the
    > proper user is logged into the site and would be a different number
    > the next time that same user log's into the site.
    >
    > Please can anyone help with this question ?
    >
    > Dan Thompson
    >

    Every ASP session generates a unique session ID, as Evertjan has pointed
    out. However, for what you've said you're trying to accomplish, I doubt that
    the session ID would be of use, because a unique ID is generated every time
    a user logs in, and it is used only to track that specific session, so it
    would have no value as a validator in a cookie.

    OTOH, a unique user ID that is assigned when the user is initially added to
    the database can be accessed during log in to track other activities.
    Typically, this will be a key field to make searches faster, and is useful
    as a way to build entries in a related table, for example for logging orders
    or such. As you may guess, this leads to a host of other issues regarding
    the structure of relational databases that is unrelated to the issue of
    security.

    There is a lot of information about this on the web, and if you narrow your
    concerns a bit, a google search will provide you with a lot of reading
    material.

    Best,

    Neil
     
    Neil Gould, Dec 8, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ronald
    Replies:
    6
    Views:
    6,966
    Andy Mortimer [MS]
    Feb 23, 2004
  2. Max
    Replies:
    5
    Views:
    32,717
    Sudsy
    Feb 28, 2004
  3. Mullin
    Replies:
    3
    Views:
    5,507
  4. ToshiBoy
    Replies:
    6
    Views:
    852
    ToshiBoy
    Aug 12, 2008
  5. Token Type
    Replies:
    9
    Views:
    360
    Chris Angelico
    Sep 9, 2012
Loading...

Share This Page