Share via

SessionIDManager Class


Manages unique identifiers for ASP.NET session state.

public ref class SessionIDManager : System::Web::SessionState::ISessionIDManager
public class SessionIDManager : System.Web.SessionState.ISessionIDManager
type SessionIDManager = class
    interface ISessionIDManager
Public Class SessionIDManager
Implements ISessionIDManager


The SessionIDManager class is an HTTP module that manages unique session identifiers for use with ASP.NET session state. The unique identifier for an ASP.NET session is the SessionID property, which can be accessed from the Session property of the current HttpContext or Page. The ASP.NET session identifier is a randomly generated number encoded into a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5.

By default, the SessionID value is sent in a cookie with each request to the ASP.NET application. The name of the cookie that contains the SessionID value is ASP.NET_SessionId by default. You can configure a different cookie name by setting the cookieName attribute of the sessionState Element (ASP.NET Settings Schema) to the desired cookie name.

If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState element to true in the Web.config file for your application. For more information, see the IsCookieless property.

Notes to Inheritors

You can replace the ASP.NET session identifier with your own custom session identifier by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID(HttpContext) and Validate(String) methods with your own custom implementations. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID(HttpContext) method.

You can replace the entire SessionIDManager with a custom session-ID manager by creating a class that implements the ISessionIDManager interface. If your custom session-ID manager supports cookieless session identifiers, you will need to implement a solution for sending and retrieving session identifiers in the URL, such as an ISAPI filter. For more information about creating a custom session-ID manager, see ISessionIDManager.



Creates an instance of the SessionIDManager class.



Gets the maximum length of a valid session identifier.



Creates a unique session identifier for the session.


Decodes a URL-encoded session identifier obtained from a cookie or the URL.


Encodes the session identifier for saving to either a cookie or the URL.


Determines whether the specified object is equal to the current object.

(Inherited from Object)

Serves as the default hash function.

(Inherited from Object)

Gets the session-identifier value from the current Web request.


Gets the Type of the current instance.

(Inherited from Object)

Initializes the SessionIDManager object with information from configuration files.

InitializeRequest(HttpContext, Boolean, Boolean)

Performs per-request initialization of the SessionIDManager object.


Creates a shallow copy of the current Object.

(Inherited from Object)

Deletes the session-identifier cookie from the HTTP response.

SaveSessionID(HttpContext, String, Boolean, Boolean)

Saves a newly created session identifier to the HTTP response.


Returns a string that represents the current object.

(Inherited from Object)

Gets a value indicating whether a session identifier is valid.

Applies to

See also