We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifie r is the users login):
using System.Security .Cryptography;
public string GenerateSession ID(string UniqueIdentifie r)
{
TimeSpan objTS =
System.Diagnost ics.Process.Get CurrentProcess( ).TotalProcesso rTime;
int t = DateTime.Now.Se cond + DateTime.Now.Mi llisecond + objTS.Seconds +
objTS.Milliseco nds;
long lngRandom = new System.Random(t ).Next();
string strData = UniqueIdentifie r + lngRandom.ToStr ing();
string strTmp = "";
System.Text.Uni codeEncoding encoding = new System.Text.Uni codeEncoding();
byte[] hashBytes = encoding.GetByt es(strData);
SHA1 sha1 = new SHA1CryptoServi ceProvider();
byte[] cryptPassword = sha1.ComputeHas h(hashBytes);
for ( int x=0 ; x < cryptPassword.L ength ; x++ )
{
strTmp = strTmp + String.Format(" {0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the random
number generator. In other words, UserLogin + date and time + processor
time... is still not truly unique, because these numbers can overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to have
this be 100%. Any ideas?
4  6812 
Why not simply use a database field with an auto-incrementing number. This
will give you a unique number. The main problem with this is that the
numbers are sequential (thus, being rather easy to guess other session id's
from your own session id). One method to get around this is to have another
field in the same database which contains the "public session id". This
field is set to "Unique", so the database will force that no two session
id's are identical. Then, the end-user must supply boh values to gain
access. You can use your string below as this second value.
DanB
"RCS" <rs****@gmail.c om> wrote in message
news:Mb******** ********@newssv r17.news.prodig y.com... We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifie r is the users login):
using System.Security .Cryptography;
public string GenerateSession ID(string UniqueIdentifie r)
{
TimeSpan objTS =
System.Diagnost ics.Process.Get CurrentProcess( ).TotalProcesso rTime;
int t = DateTime.Now.Se cond + DateTime.Now.Mi llisecond + objTS.Seconds +
objTS.Milliseco nds;
long lngRandom = new System.Random(t ).Next();
string strData = UniqueIdentifie r + lngRandom.ToStr ing();
string strTmp = "";
System.Text.Uni codeEncoding encoding = new System.Text.Uni codeEncoding();
byte[] hashBytes = encoding.GetByt es(strData);
SHA1 sha1 = new SHA1CryptoServi ceProvider();
byte[] cryptPassword = sha1.ComputeHas h(hashBytes);
for ( int x=0 ; x < cryptPassword.L ength ; x++ )
{
strTmp = strTmp + String.Format(" {0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?
In message <Mb************ ****@newssvr17. news.prodigy.co m>, RCS
<rs****@gmail.c om> writes We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifi er is the users login):
System.Guid.New Guid()?
--
Steve Walker
This might help: http://groups-beta.google.com/groups...+oj+Uuidcreate
or: http://groups-beta.google.com/groups...j+GenerateComb
--
-oj
"RCS" <rs****@gmail.c om> wrote in message
news:Mb******** ********@newssv r17.news.prodig y.com... We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifie r is the users login):
using System.Security .Cryptography;
public string GenerateSession ID(string UniqueIdentifie r)
{
TimeSpan objTS =
System.Diagnost ics.Process.Get CurrentProcess( ).TotalProcesso rTime;
int t = DateTime.Now.Se cond + DateTime.Now.Mi llisecond + objTS.Seconds +
objTS.Milliseco nds;
long lngRandom = new System.Random(t ).Next();
string strData = UniqueIdentifie r + lngRandom.ToStr ing();
string strTmp = "";
System.Text.Uni codeEncoding encoding = new System.Text.Uni codeEncoding();
byte[] hashBytes = encoding.GetByt es(strData);
SHA1 sha1 = new SHA1CryptoServi ceProvider();
byte[] cryptPassword = sha1.ComputeHas h(hashBytes);
for ( int x=0 ; x < cryptPassword.L ength ; x++ )
{
strTmp = strTmp + String.Format(" {0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?
Guid.NewGuid(); ?
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
This might help: http://groups-beta.google.com/groups...+oj+Uuidcreate
or: http://groups-beta.google.com/groups...j+GenerateComb
--
-oj
"RCS" <rs****@gmail.c om> wrote in message
news:Mb******** ********@newssv r17.news.prodig y.com... We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifie r is the users login):
using System.Security .Cryptography;
public string GenerateSession ID(string UniqueIdentifie r)
{
TimeSpan objTS =
System.Diagnost ics.Process.Get CurrentProcess( ).TotalProcesso rTime;
int t = DateTime.Now.Se cond + DateTime.Now.Mi llisecond + objTS.Seconds +
objTS.Milliseco nds;
long lngRandom = new System.Random(t ).Next();
string strData = UniqueIdentifie r + lngRandom.ToStr ing();
string strTmp = "";
System.Text.Uni codeEncoding encoding = new System.Text.Uni codeEncoding();
byte[] hashBytes = encoding.GetByt es(strData);
SHA1 sha1 = new SHA1CryptoServi ceProvider();
byte[] cryptPassword = sha1.ComputeHas h(hashBytes);
for ( int x=0 ; x < cryptPassword.L ength ; x++ )
{
strTmp = strTmp + String.Format(" {0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?
[microsoft.publi c.dotnet.langua ges.csharp] This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Tony Clarke |
last post by:
Hi,
I'm trying to write a system thats used for about 50 clients that uses html
forms and php to log details. The problem is that when a client loads the
form page it's given a value which is the last record in a table +1 (i.e. so
its the next record). The problem with that is that a client could sit on
that page for 20 mins (or whatever length of time) and a different client
could use that record number and there what be an error...
|
by: Newton |
last post by:
Hi,
I got here the following problem. I am programming
web application for examing students.
After student will log on I need to keep his ID,
Privileges, Login, Password for manipulating with other
functions. All these information I will keep by
Session = "2"
Session = "Student"
|
by: Nelson Smith |
last post by:
It appears that the session Id is not unique when the application is
updated.
Here is how I encounter that.
User logged in around 7 AM. Application recorded that Session Id as s1.
I updated the web application around 7.30 AM.
|
by: Ben Fidge |
last post by:
Are IIS session ID's guaranteed to be unique forever, like GUID's. Ie, would
it be safe to assume that a session ID is not ever going to be used again or
recycled? I want to track user activity on a web-site by storing the session
id and activity in a Sql Server database. Oviously if a session Id is used
more than once over a given time period, then the reporting is going to be
inaccurate.
Ben
|
by: Nagib Abi Fadel |
last post by:
Is it possible to create a session variable for each user in Postresql ??
Thx
| | |
by: rayala |
last post by:
Hi all,
I am having very weird problem in my Outlook
I am running my web application from with in Outlook.I found a strange
problem that it is creating different sessionId if i open a new window
using window.open from with in my application.I am pulling my hair all
along but no solution so far.Hope you guys can help me out.
my application works fine when i run this in IE.It is Outlook2003
|
by: crescent_au |
last post by:
Hi everybody,
I want to create dynamic breadcrumbs for a site I am developing. I just
want to get some views about the algorithm of breadcrumbs.
The way I look at it is the concept of parent/ child (main/ sub). I
have the "Home" page, which has links to sub-pages such as
"Introduction", "History", "Timetable", etc. Each page can have other
sub-pages, such as "Timetable" can have "Semester1", "Semester2", etc.
This is how I'd initially...
|
by: tamaker |
last post by:
I have a registration form where a user is able to, upon submission of
the form, have their submission entered into a simple database... now
Im looking to create a word document on the fly from that submission
using this as a model to build from:
http://www.freevbcode.com/ShowCode.Asp?ID=1727
There are no errors generated but there is NO .DOC file created at all
either... Im not sure what Im doing wrong... any clue what I need to...
|
by: TechieGrl |
last post by:
I apologize, but I posted this in the php general forum earlier and
realized that this is the more appropriate forum. Hopefully there's a
coder here who has done this in the past.
I've got code that uses CURL to go a web page to read the data.
When I type in www.website.com, the server automatically adds a
session variable to the url. I need to be able to read that session
variable. Then I will use that session variable to input...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
