Assembly: System.Web (in system.web.dll)
The maximum length of a session identifier is 80 characters.
While session identifiers created by the CreateSessionID method are 24 characters long, the maximum length of a session identifier allowed by the SessionIDManager class is 80 characters. This is especially important if you implement a custom SessionIDManager. The GetSessionID method, which retrieves session-identifier values from the current HttpRequest, ensures that values do not exceed the SessionIDMaxLength value and that the session identifier is a 24-character string containing only the lowercase characters a to z and the numbers 0 to 5 by calling the Validate method. If you implement a custom SessionIDManager class that inherits the SessionIDManager class and overrides the CreateSessionID method but not the Validate method, your custom session-identifier values must meet the constraints above. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method.