I noticed that the SessionID is now a complex string instead of a simple
number as it was under ASP.
I believe it could be because when session variables are persisted ot the
database, reusing a number should be avoided to prevent picking variables
used by a previously abandonned session.
That said I've not been able to find out how unique is supposed to be this
new SessionID, it is some kind of encoded GUID with uniqueness guarantee or
is it only likely unique ????
TIA for any reference about this.
Patrice
--
6  1910 
It's guaranteed unique inside an application as well as outside of it.
--
-----------
Got TidBits?
Get it here: www.networkip.net/tidbits
"Patrice Scribe" <no****@nowhere .com> wrote in message
news:e5******** ******@TK2MSFTN GP12.phx.gbl... I noticed that the SessionID is now a complex string instead of a simple
number as it was under ASP.
I believe it could be because when session variables are persisted ot the
database, reusing a number should be avoided to prevent picking variables
used by a previously abandonned session.
That said I've not been able to find out how unique is supposed to be this
new SessionID, it is some kind of encoded GUID with uniqueness guarantee
or is it only likely unique ????
TIA for any reference about this.
Patrice
--
More specifically it is never reused during the application lifetime malking
each sessionid unique accross the whole application lifetime ?
UInder the hood is this a GUID ?
--
"Alvin Bruney" <vapordan_spam_ me_not@hotmail_ no_spamhotmail. com> a écrit
dans le message de news:uC******** ******@tk2msftn gp13.phx.gbl... It's guaranteed unique inside an application as well as outside of it.
--
-----------
Got TidBits?
Get it here: www.networkip.net/tidbits
"Patrice Scribe" <no****@nowhere .com> wrote in message
news:e5******** ******@TK2MSFTN GP12.phx.gbl... I noticed that the SessionID is now a complex string instead of a simple
number as it was under ASP.
I believe it could be because when session variables are persisted ot
the database, reusing a number should be avoided to prevent picking
variables used by a previously abandonned session.
That said I've not been able to find out how unique is supposed to be
this new SessionID, it is some kind of encoded GUID with uniqueness guarantee
or is it only likely unique ????
TIA for any reference about this.
Patrice
--
Hi patrice,
Saving Session in database is only a optional way in ASP.NET, we also can
choose other session. Each active ASP.NET session is identified and tracked
using a 120-bit SessionID string containing only the ASCII characters that
are allowed in URLs. SessionID values are generated using an algorithm that
guarantees uniqueness so that sessions do not collide, and randomness so
that a malicious user cannot use a new SessionID to calculate the SessionID
of an existing session.
Hope this answer your question.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
And is it safe to say that this SessionID is never resused during the
lifetime of an application ?
TIA
Patrice
--
"MSFT" <lu******@onlin e.microsoft.com > a écrit dans le message de
news:96******** ******@cpmsftng xa06.phx.gbl... Hi patrice,
Saving Session in database is only a optional way in ASP.NET, we also can
choose other session. Each active ASP.NET session is identified and
tracked using a 120-bit SessionID string containing only the ASCII characters that
are allowed in URLs. SessionID values are generated using an algorithm
that guarantees uniqueness so that sessions do not collide, and randomness so
that a malicious user cannot use a new SessionID to calculate the
SessionID of an existing session.
Hope this answer your question.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hi Patrice,
Due the generation arithmetic of Session ID (128 bit), it is very very very
very hard to find same one. This is just like GUID.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Thanks a lot.
--
"MSFT" <lu******@onlin e.microsoft.com > a écrit dans le message de
news:m4******** ******@cpmsftng xa06.phx.gbl... Hi Patrice,
Due the generation arithmetic of Session ID (128 bit), it is very very
very very hard to find same one. This is just like GUID.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Bill |
last post by:
I'm wondering how unique the sessionid is in ASP. What is the math
behind it's creation, and what are the probobolities of it being
reproduced, i.e. 1/10000? or 1 in twenty million? Can someone give me
some guidance on this? I'm trying to create some unique numbers for
data assignement, and would like a way that does not replicate.
Thanks,
Bill
|
by: Stephanie Stowe |
last post by:
I have been out of this group for so long, then 2 questions in one day! Let
me give some background on what I am trying to do.....
I have an IIS server running ASP apps. I have a Websphere server being a
servlet container (and a couple of other things) running java servlets and
JSP. We are migrating our online services to JSP etc.. In the meantime, I am
trying to build an artifical session bridge. Imagine this...
A person logs into the...
|
by: Joshua Belden |
last post by:
I have a custom httpmodule that looks at the
HttpApplication.Context.Session.SessionId. I've noticed that it returns
a unique SessionId every time, even if the requests are made by the same
browser on the same visit. If I set or access any Session variable from
either the HttpModule or the aspx page the request is using it fixes
this and all subsequent SessionIds for the visit are the same, which is
what I would expect by default.
Does...
|
by: Ronald |
last post by:
howto
thanx
Ronald
|
by: Andy Fish |
last post by:
Hi,
I have an asp.net application that is using Forms Authentication and
maintaining http session state using cookies in the normal way.
when the user clicks the logout button I do this:
Session.Clear();
Session.Abandon();
FormsAuthentication.SignOut();
| | |
by: Hardin |
last post by:
I have an app that uses the sessionID to track user navigation and usage
through the application.
It works fine except in one case:
There is a point in the application where I want to "close" the user's
tracking and handle the user as if he had just logged on. To do that, I need
a new sessionID. But even if I call Session.Abandon(), the user's SessionID
does not change -- it just dumps session values.
How can I force a new...
|
by: rayala |
last post by:
Hi all,
I am having very weird problem in my Outlook
I am running my web application from with in Outlook.I found a strange
problem that it is creating different sessionId if i open a new window
using window.open from with in my application.I am pulling my hair all
along but no solution so far.Hope you guys can help me out.
my application works fine when i run this in IE.It is Outlook2003
|
by: Rob Meade |
last post by:
Hi all,
I've just put some code together (cobbled is a phrase I like to use) - to
handle a secure login to a web based application.
It's not exactly rocket science, a session is created, its ID and user ID
are written to the database, each page that requires authentication checks
to see if there is a current identity (ie a session already) and if so then
tries to match that to the one in the database - if everythings ok - great -
more...
|
by: kurt sune |
last post by:
Does anyone know how to retrieve the current sessionId in
Global.asax.ApplicationError?
/k
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
