We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;
public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the random
number generator. In other words, UserLogin + date and time + processor
time... is still not truly unique, because these numbers can overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to have
this be 100%. Any ideas?
4  6758 
Why not simply use a database field with an auto-incrementing number. This
will give you a unique number. The main problem with this is that the
numbers are sequential (thus, being rather easy to guess other session id's
from your own session id). One method to get around this is to have another
field in the same database which contains the "public session id". This
field is set to "Unique", so the database will force that no two session
id's are identical. Then, the end-user must supply boh values to gain
access. You can use your string below as this second value.
DanB
"RCS" <rs****@gmail.com> wrote in message
news:Mb****************@newssvr17.news.prodigy.com ... We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;
public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?
In message <Mb****************@newssvr17.news.prodigy.com>, RCS
<rs****@gmail.com> writes We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
System.Guid.NewGuid()?
--
Steve Walker
This might help: http://groups-beta.google.com/groups...+oj+Uuidcreate
or: http://groups-beta.google.com/groups...j+GenerateComb
--
-oj
"RCS" <rs****@gmail.com> wrote in message
news:Mb****************@newssvr17.news.prodigy.com ... We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;
public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?
Guid.NewGuid(); ?
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
This might help: http://groups-beta.google.com/groups...+oj+Uuidcreate
or: http://groups-beta.google.com/groups...j+GenerateComb
--
-oj
"RCS" <rs****@gmail.com> wrote in message
news:Mb****************@newssvr17.news.prodigy.com ... We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and
something like 2 dozen apps. Everyonce in a while, a user gets the error
that their session is a duplicate in the database.. I talked to the
database guys about putting in a job that cleans up old sessions, but I
also want to have this work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;
public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().Tot alProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the
random number generator. In other words, UserLogin + date and time +
processor time... is still not truly unique, because these numbers can
overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to
have this be 100%. Any ideas?
[microsoft.public.dotnet.languages.csharp] This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Tony Clarke |
last post by:
Hi,
I'm trying to write a system thats used for about 50 clients that uses html
forms and php to log details. The problem is that when a client loads the
form page it's given a value which is...
|
by: Newton |
last post by:
Hi,
I got here the following problem. I am programming
web application for examing students.
After student will log on I need to keep his ID,
Privileges, Login, Password for manipulating with...
|
by: Nelson Smith |
last post by:
It appears that the session Id is not unique when the application is
updated.
Here is how I encounter that.
User logged in around 7 AM. Application recorded that Session Id as s1.
I...
|
by: Ben Fidge |
last post by:
Are IIS session ID's guaranteed to be unique forever, like GUID's. Ie, would
it be safe to assume that a session ID is not ever going to be used again or
recycled? I want to track user activity on...
|
by: Nagib Abi Fadel |
last post by:
Is it possible to create a session variable for each user in Postresql ??
Thx
|
by: rayala |
last post by:
Hi all,
I am having very weird problem in my Outlook
I am running my web application from with in Outlook.I found a strange
problem that it is creating different sessionId if i open a new...
|
by: crescent_au |
last post by:
Hi everybody,
I want to create dynamic breadcrumbs for a site I am developing. I just
want to get some views about the algorithm of breadcrumbs.
The way I look at it is the concept of parent/...
|
by: tamaker |
last post by:
I have a registration form where a user is able to, upon submission of
the form, have their submission entered into a simple database... now
Im looking to create a word document on the fly from...
|
by: TechieGrl |
last post by:
I apologize, but I posted this in the php general forum earlier and
realized that this is the more appropriate forum. Hopefully there's a
coder here who has done this in the past.
I've got code...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
