Gets the unique identifier for the session.
Assembly: System.Web (in System.Web.dll)
The property is used to uniquely identify a browser with session data on the server. The value is randomly generated by ASP.NET and stored in a non-expiring session cookie in the browser. The value is then sent in a cookie with each request to the ASP.NET application.
The is sent between the server and the browser in clear text, either in a cookie or in the URL. As a result, an unwanted source could gain access to the session of another user by obtaining the value and including it in requests to the server. If you are storing private or sensitive information in session state, it is recommended that you use SSL to encrypt any communication between the browser and server that includes the .
When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object.
If your application uses cookieless session state, the session ID is generated on the first page view and is maintained for the entire session.
The following code example shows a Web.config file that configures session state to use cookieless session identifiers. For more information, see the IsCookieless property.
<configuration> <system.web> <sessionState cookieless="true" regenerateExpiredSessionId="true" timeout="30" /> </system.web> </configuration>
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2