SessionID Length

Discussion in 'ASP .Net' started by rn5a@rediffmail.com, Feb 28, 2007.

  1. Guest

    I am working on a database driven application wherein the SessionID
    gets populated in a database table column.

    After populatating the DB table column with several SessionIDs, I have
    noticed that the length of all the SessionIDs is 24 i.e. all the
    SessionIDs have 24 alphanumeric characters.

    Now what I would like to know is is the length of SessionIDs ALWAYS
    GUARANTEED to be 24 in ASP.NET?
    , Feb 28, 2007
    #1
    1. Advertising

  2. Howdy,

    Yes and no. If you are using standard session state management, standard id
    provider is used (System.Web.SessionState.SessionIDManager) which is public
    so you can create and access ISessionIDManager interface methods:

    public interface ISessionIDManager
    {
    // Methods
    string CreateSessionID(HttpContext context);
    string GetSessionID(HttpContext context);
    void Initialize();
    bool InitializeRequest(HttpContext context, bool
    suppressAutoDetectRedirect, out bool supportSessionIDReissue);
    void RemoveSessionID(HttpContext context);
    void SaveSessionID(HttpContext context, string id, out bool
    redirected, out bool cookieAdded);
    bool Validate(string id);
    }

    where the most obvious member to use would be Validate(). Current (ASP.NET
    2.0) implementation utilizes the internal class for generating ids
    System.Web.SessionState.SessionId which defines fixed session id length 24
    for cookie based session, and 26 for cookieless sessions. Have in mind future
    implemenations may vary so never assume it'll always be 24. Instead, define a
    public constant you can easly change in future in case internal implemenation
    changes. I forgot they also defined a constant which holds maximum number of
    characters that can be used in session id:
    System.Web.SessionState.SessionIDManager.SessionIDMaxLength = 80

    You may create NVARCHAR(80) column for session ids

    Hope this helps
    --
    Milosz


    "" wrote:

    > I am working on a database driven application wherein the SessionID
    > gets populated in a database table column.
    >
    > After populatating the DB table column with several SessionIDs, I have
    > noticed that the length of all the SessionIDs is 24 i.e. all the
    > SessionIDs have 24 alphanumeric characters.
    >
    > Now what I would like to know is is the length of SessionIDs ALWAYS
    > GUARANTEED to be 24 in ASP.NET?
    >
    >
    =?Utf-8?B?TWlsb3N6IFNrYWxlY2tpIFtNQ0FEXQ==?=, Feb 28, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mitchua
    Replies:
    5
    Views:
    2,733
    Eric J. Roode
    Jul 17, 2003
  2. Thomas Henz

    Length of sessionID

    Thomas Henz, Aug 29, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    2,977
    Kevin Spencer
    Aug 29, 2003
  3. Ronald
    Replies:
    6
    Views:
    6,927
    Andy Mortimer [MS]
    Feb 23, 2004
  4. =?Utf-8?B?SG96aQ==?=
    Replies:
    1
    Views:
    6,954
    Ken Cox [Microsoft MVP]
    Jun 2, 2004
  5. Mark Meyers
    Replies:
    1
    Views:
    946
Loading...

Share This Page