Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
.NET Framework Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
.NET Development
.NET Framework 3.5
 SessionID Property
Collapse All/Expand All Collapse All
This page is specific to
Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:
.NET Framework Class Library
HttpSessionState..::.SessionID Property

Gets the unique identifier for the session.

Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)
 Syntax
Visual Basic (Declaration) 
Public ReadOnly Property SessionID As String
Visual Basic (Usage) 
Dim instance As HttpSessionState
Dim value As String

value = instance.SessionID
C# 
public string SessionID { get; }
Visual C++ 
public:
property String^ SessionID {
    String^ get ();
}
JScript 
public function get SessionID () : String

Property Value

Type: System..::.String
The unique session identifier.
 Remarks

The SessionID property is used to uniquely identify a browser with session data on the server. The SessionID value is randomly generated by ASP.NET and stored in a non-expiring session cookie in the browser. The SessionID value is then sent in a cookie with each request to the ASP.NET application.

If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState configuration element to true, or to UseUri, in the Web.config file for your application. You can have ASP.NET determine whether cookies are supported by the browser by specifying a value of UseDeviceProfile for the cookieless attribute. You can also have ASP.NET determine whether cookies are enabled for the browser by specifying a value of AutoDetect for the cookieless attribute. If cookies are supported when UseDeviceProfile is specified, or enabled when AutoDetect is specified, then the session identifier will be stored in a cookie; otherwise the session identifier will be stored in the URL. For more information, see the IsCookieless property.

The SessionID is sent between the server and the browser in clear text, either in a cookie or in the URL. As a result, an unwanted source could gain access to the session of another user by obtaining the SessionID value and including it in requests to the server. If you are storing private or sensitive information in session state, it is recommended that you use SSL to encrypt any communication between the browser and server that includes the SessionID.

When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object.

If your application uses cookieless session state, the session ID is generated on the first page view and is maintained for the entire session.
 Examples

The following code example shows a Web.config file that configures session state to use cookieless session identifiers. For more information, see the IsCookieless property.

<configuration>
  <system.web>
    <sessionState 
      cookieless="true"
      regenerateExpiredSessionId="true"
      timeout="30" />
  </system.web>
</configuration>
 Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
 Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0
 See Also

Reference

HttpSessionState Class
HttpSessionState Members
System.Web.SessionState Namespace

Other Resources

ASP.NET Session State Overview
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Surprising Breaking change      Y2KPRABU   |   Edit   |   Show History

"When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object. "

Every time I press refresh say on the first page, it generates a new session id.

this was not the case in .Net 1.1 atleast, this should be highlighted

New Session ID for each postback / redirect Issue in IE 6.0      KingCobra   |   Edit   |   Show History
I see this issue specifically in IE 6.0 and not other versions. A Postback or a redirect generates a new Session ID irrespective of you have set a session (variable and value) or not. This issue never occurs in IE 7.0, Mozilla

I know IE 6.0 cannot be fixed, but is there a .Net solution ???????
Tags What's this?: Add a tag
Flag as ContentBug
© 2010 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker