Is it possible to set session id to a value of my choice in asp.net

Question

We are creating a web site with ASP.Net Framework 4.5.

I know the way to generate a new sessionId using SessionManager for the current httpContext. I also believe that the sessionId field is readonly and cannot be modified. However, is it possible to create a new session having a sessionId of my choice?

For example, if I want the current session Id to have a value "ASDFGHIJKLQWERTY", is it possible to create one?

The client insists that it can be done. However, I strongly believe that this is not possible. I'm unable to find any reference justifying that it can or cannot be done.

If there are any code or references that you can help me with, I would be very thankful.

Answer 1

Yes, the SessionIDManager class can do that, like this:

SessionIDManager Manager = new SessionIDManager();

string NewID = Manager.CreateSessionID(Context);
string OldID = Context.Session.SessionID;
bool redirected = false;
bool IsAdded = false;
Manager.SaveSessionID(Context, NewID,out redirected, out IsAdded);
Response.Write("Old SessionId Is : " + OldID);
if (IsAdded)
{
    Response.Write("<br/> New Session ID Is : " + NewID);
}
else
{
    Response.Write("<br/> Session Id did not saved : ");
}