Need ASP script to Generate Unique Session ID

Discussion in 'ASP General' started by Dan Thompson, Dec 7, 2009.

  1. Dan Thompson

    Dan Thompson Guest

    Hello I am still quite new to ASP and I am wondering if anyone can help ?
    I am trying to write a ASP script to put into my website that will generate
    a random and unique Session ID that is stored in a cookie on the clients end
    for the duration of time they are logged into my website. Can anyone provide
    me with a simple ASP script to do this or at least provide some insight on
    how to go about doing this ?

    Dan Thompson
     
    Dan Thompson, Dec 7, 2009
    #1
    1. Advertisements

  2. Dan Thompson

    Evertjan. Guest

    =?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in
    microsoft.public.inetserver.asp.general:
    ASP will do this by itself.

    <%
    Response.Write Session.SessionID
    %>
     
    Evertjan., Dec 7, 2009
    #2
    1. Advertisements

  3. Dan Thompson

    Dan Thompson Guest

    I thought I would clarify more what I am looking for so here is the deal.

    I already have a Login.asp page where the user can type in login information
    then I have a verify.asp page that verify's the user login info with the
    username and password information in MySQL database.
    The problem is I need a unique user ID and I could just use some sort of
    random user ID number generator function into MySQL as a primary key (userID)
    but once the number has been generated for new user that has been added to
    MySQL database that user ID is going to be the same for as long as the user
    exists in the database.
    I would much rather just have my verify page verify that the username and
    password are correct and than have ASP assign a session ID to that user for
    the duration that they are on my website that way it is more secure and less
    likely that someone could guess the URL as the session ID number would only
    be valid for the duration that the proper user is logged into the site and
    would be a different number the next time that same user log's into the site.

    Please can anyone help with this question ?

    Dan Thompson
     
    Dan Thompson, Dec 7, 2009
    #3
  4. Dan Thompson

    Evertjan. Guest

    =?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in
    microsoft.public.inetserver.asp.general:
    As I told you, the session.id is unique and available during the whole
    session.

    I do not see the problem that the user also has his unique serial nmber
    in your database, you can just assign that nummber to a session variable,
    that is not available to the outside world, but uniquely identifies your
    user during a single or multiple sessions.

    Ofcourse, you should not use that number as a determinant for the session
    in a querystring or post data. That is where session cookies come in to
    hold the Session.id value.

    Are you afraid of cookies, perhaps?
     
    Evertjan., Dec 7, 2009
    #4
  5. Dan Thompson

    Neil Gould Guest

    Hi Dan,

    Every ASP session generates a unique session ID, as Evertjan has pointed
    out. However, for what you've said you're trying to accomplish, I doubt that
    the session ID would be of use, because a unique ID is generated every time
    a user logs in, and it is used only to track that specific session, so it
    would have no value as a validator in a cookie.

    OTOH, a unique user ID that is assigned when the user is initially added to
    the database can be accessed during log in to track other activities.
    Typically, this will be a key field to make searches faster, and is useful
    as a way to build entries in a related table, for example for logging orders
    or such. As you may guess, this leads to a host of other issues regarding
    the structure of relational databases that is unrelated to the issue of
    security.

    There is a lot of information about this on the web, and if you narrow your
    concerns a bit, a google search will provide you with a lot of reading
    material.

    Best,

    Neil
     
    Neil Gould, Dec 8, 2009
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.