Hi Ken
> I don't think session IDs are guaranteed to be unique, so you wouldn't
> want to use that. There's also the danger of session hijacking.
That's exactly what I am trying to avoid.
> Can you create your own GUID and store it in a Session variable or cookie
> for each user?
At the moment my LogIn() method returns a Guid generated using
Guid.NewGuid(). According to a book I once read on ASP.NET, classic ASP
used to use this approach, but apparently it is too easy to guess the next
Guid in the sequence, therefore people would log in to get their Guid and
then guess the Guid of other sessions before/after it in the sequence.
I also read that ASP.NET gets around this by modifying the generated Guid
in some way (MD5 maybe?) to help prevent this from happening. I'm not
really at high risk of this kind of behaviour, but still I'd like to know how
it is done so that I may implement it for future reference.
Thanks
Pete
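
One way to issue a login token that cannot be guessed from its neighbours, as an added example that is not part of the original post and not a description of what ASP.NET does internally: the token comes from the OS CSPRNG rather than from a Guid, and the server stores only its hash with an expiry. The `LoginTokenStore` class, its members and the 20-minute lifetime are assumptions for illustration; the code assumes .NET 6 or later.

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Demo with a constructed user name: issue, validate, reject a guess, revoke.
var store = new LoginTokenStore();
string token = store.Issue("pete");
Console.WriteLine(store.Validate(token) ?? "(rejected)");
Console.WriteLine(store.Validate(Guid.NewGuid().ToString()) ?? "(rejected)");
store.Revoke(token);
Console.WriteLine(store.Validate(token) ?? "(rejected)");

// Hypothetical in-memory token store (names are assumptions, not a framework API).
public sealed class LoginTokenStore
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);
    // Keyed by SHA-256 of the token, so a dump of the store holds no usable tokens.
    private readonly ConcurrentDictionary<string, (string User, DateTime ExpiresUtc)> _sessions = new();

    // Call only after the credentials have been verified; returns the client's token.
    public string Issue(string userName)
    {
        byte[] raw = new byte[32];              // 256 bits, independent per token
        RandomNumberGenerator.Fill(raw);        // OS CSPRNG, no sequence to follow
        string issued = Convert.ToBase64String(raw);
        _sessions[HashOf(issued)] = (userName, DateTime.UtcNow + Lifetime);
        return issued;
    }

    // Returns the user for a live token; null for unknown, oversized or expired ones.
    public string? Validate(string? candidate)
    {
        if (string.IsNullOrEmpty(candidate) || candidate.Length > 64) return null;
        string key = HashOf(candidate);
        if (!_sessions.TryGetValue(key, out var entry)) return null;
        if (entry.ExpiresUtc <= DateTime.UtcNow)
        {
            _sessions.TryRemove(key, out _);    // drop expired sessions on sight
            return null;
        }
        return entry.User;
    }

    public void Revoke(string issued) => _sessions.TryRemove(HashOf(issued), out _);

    private static string HashOf(string t) => Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(t)));
}
```

When the token travels in a cookie, set the cookie's Secure and HttpOnly attributes so it is not exposed over plain HTTP or to page script.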