
SessionID - How unique is it now?

I noticed that the SessionID is now a complex string instead of a simple
number as it was under ASP.

I believe it could be because when session variables are persisted to the
database, reusing a number should be avoided to prevent picking variables
used by a previously abandoned session.

That said, I've not been able to find out how unique this new SessionID is
supposed to be: is it some kind of encoded GUID with a uniqueness guarantee, or
is it only likely unique?

TIA for any reference about this.

Patrice

--
Nov 17 '05 #1
It's guaranteed unique inside an application as well as outside of it.

--
-----------
Got TidBits?
Get it here: www.networkip.net/tidbits
"Patrice Scribe" <no****@nowhere.com> wrote in message
news:e5**************@TK2MSFTNGP12.phx.gbl...
I noticed that the SessionID is now a complex string instead of a simple
number as it was under ASP.

I believe it could be because when session variables are persisted to the
database, reusing a number should be avoided to prevent picking variables
used by a previously abandoned session.

That said, I've not been able to find out how unique this new SessionID is
supposed to be: is it some kind of encoded GUID with a uniqueness guarantee, or
is it only likely unique?

TIA for any reference about this.

Patrice

--

Nov 17 '05 #2
More specifically, it is never reused during the application lifetime, making
each SessionID unique across the whole application lifetime?

Under the hood, is this a GUID?

--

"Alvin Bruney" <vapordan_spam_me_not@hotmail_no_spamhotmail.com> wrote
in message news:uC**************@tk2msftngp13.phx.gbl...
It's guaranteed unique inside an application as well as outside of it.

--
-----------
Got TidBits?
Get it here: www.networkip.net/tidbits
"Patrice Scribe" <no****@nowhere.com> wrote in message
news:e5**************@TK2MSFTNGP12.phx.gbl...
I noticed that the SessionID is now a complex string instead of a simple
number as it was under ASP.

I believe it could be because when session variables are persisted to the
database, reusing a number should be avoided to prevent picking variables
used by a previously abandoned session.

That said, I've not been able to find out how unique this new SessionID is
supposed to be: is it some kind of encoded GUID with a uniqueness guarantee, or
is it only likely unique?

TIA for any reference about this.

Patrice

--



Nov 17 '05 #3
Hi patrice,

Saving Session in database is only an optional way in ASP.NET, we also can
choose other session. Each active ASP.NET session is identified and tracked
using a 120-bit SessionID string containing only the ASCII characters that
are allowed in URLs. SessionID values are generated using an algorithm that
guarantees uniqueness so that sessions do not collide, and randomness so
that a malicious user cannot use a new SessionID to calculate the SessionID
of an existing session.

Hope this answers your question.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 17 '05 #4
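
To put numbers on "guaranteed unique" versus "only likely unique", the following added example (not code from this thread or from ASP.NET) draws a 120-bit ID from the OS CSPRNG, encodes it in URL-safe characters, and computes the birthday-bound chance of a duplicate. The alphabet and all function names are assumptions; only the 120-bit size comes from the post above.

```python
import math
import secrets

ID_BITS = 120  # size quoted in the post above
# Constructed 32-symbol URL-safe alphabet, 5 bits per character (an assumption)
ALPHABET = "abcdefghijklmnopqrstuvwxyz012345"
ID_CHARS = ID_BITS // 5  # 24 characters

def new_session_id() -> str:
    """Draw 120 bits from the OS CSPRNG and encode them 5 bits at a time."""
    value = secrets.randbits(ID_BITS)
    chars = []
    for _ in range(ID_CHARS):
        chars.append(ALPHABET[value & 0x1F])
        value >>= 5
    return "".join(chars)

def is_well_formed(sid: str) -> bool:
    """Reject IDs of the wrong length or alphabet before any store lookup."""
    return len(sid) == ID_CHARS and all(c in ALPHABET for c in sid)

def collision_probability(n_ids: int, bits: int = ID_BITS) -> float:
    """Birthday bound: chance that n random IDs contain at least one duplicate."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results
    return -math.expm1(-n_ids * (n_ids - 1) / 2 ** (bits + 1))

def ids_for_probability(p: float, bits: int = ID_BITS) -> float:
    """How many IDs must be issued before a duplicate has probability p."""
    return math.sqrt(2 ** (bits + 1) * -math.log1p(-p))

if __name__ == "__main__":
    print(new_session_id())
    print(collision_probability(10 ** 9))  # a billion sessions issued
    print(ids_for_probability(0.5))        # sessions needed for a 50% chance
```

A random ID of this size is unique only with overwhelming probability, so a session store that needs a hard guarantee still has to check whether a freshly generated ID already exists as a key.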
And is it safe to say that this SessionID is never reused during the
lifetime of an application?

TIA

Patrice

--

"MSFT" <lu******@online.microsoft.com> wrote in message
news:96**************@cpmsftngxa06.phx.gbl...
Hi patrice,

Saving Session in database is only an optional way in ASP.NET, we also can
choose other session. Each active ASP.NET session is identified and tracked using a 120-bit SessionID string containing only the ASCII characters that
are allowed in URLs. SessionID values are generated using an algorithm that guarantees uniqueness so that sessions do not collide, and randomness so
that a malicious user cannot use a new SessionID to calculate the SessionID of an existing session.

Hope this answers your question.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Nov 17 '05 #5
Hi Patrice,

Due to the generation arithmetic of Session ID (128 bit), it is very very very
very hard to find the same one. This is just like GUID.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 17 '05 #6
Thanks a lot.

--

"MSFT" <lu******@online.microsoft.com> wrote in message
news:m4**************@cpmsftngxa06.phx.gbl...
Hi Patrice,

Due to the generation arithmetic of Session ID (128 bit), it is very very very very hard to find the same one. This is just like GUID.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Nov 17 '05 #7
