SessionIDManager.CreateSessionID(HttpContext) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Creates a unique session identifier for the session.
public:
virtual System::String ^ CreateSessionID(System::Web::HttpContext ^ context);public virtual string CreateSessionID (System.Web.HttpContext context);abstract member CreateSessionID : System.Web.HttpContext -> string
override this.CreateSessionID : System.Web.HttpContext -> stringPublic Overridable Function CreateSessionID (context As HttpContext) As StringParameters
- context
- HttpContext
The current HttpContext object that references server objects used to process HTTP requests (for example, the Request and Response properties).
Returns
A unique session identifier.
Implements
Examples
The following code example shows a class that inherits the SessionIDManager class and overrides the CreateSessionID and Validate methods with methods that supply and validate a Guid as the SessionID.
using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;
namespace Samples.AspNet.Session
{
public class GuidSessionIDManager : SessionIDManager
{
public override string CreateSessionID(HttpContext context)
{
return Guid.NewGuid().ToString();
}
public override bool Validate(string id)
{
try
{
Guid testGuid = new Guid(id);
if (id == testGuid.ToString())
return true;
}
catch
{
}
return false;
}
}
}
Imports System.Configuration
Imports System.Web.Configuration
Imports System.Web
Imports System.Web.SessionState
Namespace Samples.AspNet.Session
Public Class GuidSessionIDManager
Inherits SessionIDManager
Public Overrides Function CreateSessionID(context As HttpContext) As String
Return Guid.NewGuid().ToString()
End Function
Public Overrides Function Validate(id As String) As Boolean
Try
Dim testGuid As Guid = New Guid(id)
If id = testGuid.ToString() Then _
Return True
Catch
End Try
Return False
End Function
End Class
End Namespace
To use the custom class demonstrated in this example, configure the sessionIDManagerType attribute of the sessionState Element (ASP.NET Settings Schema) element, as shown in the following example.
<sessionState
Mode="InProc"
stateConnectionString="tcp=127.0.0.1:42424"
stateNetworkTimeout="10"
sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI"
sqlCommandTimeout="30"
customProvider=""
cookieless="false"
regenerateExpiredSessionId="false"
timeout="20"
sessionIDManagerType="Your.ID.Manager.Type,
CustomAssemblyNameInBinFolder"
/>
Remarks
This method is not intended to be called from application code.
The CreateSessionID method returns a unique session identifier that is a randomly generated number encoded into a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5.
Notes to Inheritors
You can supply a custom session identifier to be used by ASP.NET session state by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID(HttpContext) and Validate(String) methods with your own custom implementations. If your custom session ID does not meet the character constraints enforced by the default implementation of the Validate(String) method, you should override the Validate(String) method to provide validation of your custom session identifier. In this case, the SessionIDManager class will ensure that your custom session identifier is URL encoded in the HTTP response and URL decoded from the HTTP request using the Encode(String) and Decode(String) methods, respectively.
