By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,157 Members | 1,001 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,157 IT Pros & Developers. It's quick & easy.

Ideas on creating a unique session id?

P: n/a
RCS
We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.

I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;

public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}

But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:

05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)

Same with seconds, etc.. I need a truly random number or seed for the random
number generator. In other words, UserLogin + date and time + processor
time... is still not truly unique, because these numbers can overlap.

Anyhow already have a bullet-proof way to handle this?

This process is very random, well - like 99%.. but I would just like to have
this be 100%. Any ideas?
Nov 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Why not simply use a database field with an auto-incrementing number. This
will give you a unique number. The main problem with this is that the
numbers are sequential (thus, being rather easy to guess other session id's
from your own session id). One method to get around this is to have another
field in the same database which contains the "public session id". This
field is set to "Unique", so the database will force that no two session
id's are identical. Then, the end-user must supply boh values to gain
access. You can use your string below as this second value.

DanB
"RCS" <rs****@gmail.com> wrote in message
news:Mb****************@newssvr17.news.prodigy.com ...
We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.

I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;

public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}

But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:

05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)

Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.

Anyhow already have a bullet-proof way to handle this?

This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?

Nov 17 '05 #2

P: n/a
In message <Mb****************@newssvr17.news.prodigy.com>, RCS
<rs****@gmail.com> writes
We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.

I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):


System.Guid.NewGuid()?

--
Steve Walker
Nov 17 '05 #3

P: n/a
oj
This might help:
http://groups-beta.google.com/groups...+oj+Uuidcreate

or:

http://groups-beta.google.com/groups...j+GenerateComb

--
-oj
"RCS" <rs****@gmail.com> wrote in message
news:Mb****************@newssvr17.news.prodigy.com ...
We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.

I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;

public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}

But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:

05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)

Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.

Anyhow already have a bullet-proof way to handle this?

This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?

Nov 17 '05 #4

P: n/a
Guid.NewGuid(); ?

Regards

Richard Blewett - DevelopMentor
http://www.dotnetconsult.co.uk/weblog
http://www.dotnetconsult.co.uk

This might help:
http://groups-beta.google.com/groups...+oj+Uuidcreate

or:

http://groups-beta.google.com/groups...j+GenerateComb

--
-oj
"RCS" <rs****@gmail.com> wrote in message
news:Mb****************@newssvr17.news.prodigy.com ...
We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.

I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;

public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}

But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:

05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)

Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.

Anyhow already have a bullet-proof way to handle this?

This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?


[microsoft.public.dotnet.languages.csharp]
Nov 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.