Function ASP.NET uses to generate Session ID?

https://stackoverflow.com/questions/1228085

asp.net
session
sessionid

22-07-2019
|

Question

Does ASP.NET expose the underlying function it uses to generate session IDs? I want to generate a session token for use in a web service, but it will not be put in the Set-Cookie header. If ASP.NET already has a function I can use to generate a session ID this will save me from having to roll my own.

Solution

Reflector is your friend:

SessionIDManager.CreateSessionID()

internal static string Create(ref RandomNumberGenerator randgen)
{
    if (randgen == null)
    {
        randgen = new RNGCryptoServiceProvider();
    }
    byte[] data = new byte[15];
    randgen.GetBytes(data);
    return Encode(data);
}

OTHER TIPS

Can't you do System.Guid.NewGuid().ToString()?

I'm not sure what ASP.Net uses under the hood, but you should be able to use System.Guid.NewGuid().ToString() to come up with a unique value.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow