Function ASP.NET uses to generate Session ID?

Question

Does ASP.NET expose the underlying function it uses to generate session IDs? I want to generate a session token for use in a web service, but it will not be put in the Set-Cookie header. If ASP.NET already has a function I can use to generate a session ID this will save me from having to roll my own.

score 5 · Accepted Answer · answered Aug 04 '09 at 15:32

5

Reflector is your friend:

SessionIDManager.CreateSessionID()

internal static string Create(ref RandomNumberGenerator randgen)
{
    if (randgen == null)
    {
        randgen = new RNGCryptoServiceProvider();
    }
    byte[] data = new byte[15];
    randgen.GetBytes(data);
    return Encode(data);
}

answered Aug 04 '09 at 15:32

edosoft

16,641
24
76
110

This was similar to how I was going to roll it on my own... comforting to know I wasn't far off. – DSO Aug 04 '09 at 21:13

score 1 · Answer 2 · answered Aug 04 '09 at 15:14

1

Can't you do System.Guid.NewGuid().ToString()?

answered Aug 04 '09 at 15:14

Dante

3,707
4
35
54

As I understand it, GUIDs are good for uniqueness but they are bad as a security token because they are not random enough to prevent guessing. – DSO Aug 04 '09 at 21:10
1

i'd like to see somebody guess a guid!! – Rod Johnson Jul 21 '10 at 21:14

score 0 · Answer 3 · answered Aug 04 '09 at 15:15

0

I'm not sure what ASP.Net uses under the hood, but you should be able to use System.Guid.NewGuid().ToString() to come up with a unique value.

answered Aug 04 '09 at 15:15

David

70,778
16
128
169

Function ASP.NET uses to generate Session ID?

3 Answers3

Linked