This documentation is archived and is not being maintained.

SessionIDManager Class

Manages unique identifiers for ASP.NET session state.

Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public class SessionIDManager : ISessionIDManager

The SessionIDManager class is an HTTP module that manages unique session identifiers for use with ASP.NET session state. The unique identifier for an ASP.NET session is the SessionID property, which can be accessed from the Session property of the current HttpContext or Page. The ASP.NET session identifier is a randomly generated number encoded into a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5.

By default, the SessionID value is sent in a cookie with each request to the ASP.NET application. The name of the cookie that contains the SessionID value is ASP.NET_SessionId by default. You can configure a different cookie name by setting the cookieName attribute of the sessionState Element (ASP.NET Settings Schema) to the desired cookie name.

If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState element to true in the Web.config file for your application. For more information, see the IsCookieless property.

Notes to Inheritors:

You can replace the ASP.NET session identifier with your own custom session identifier by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID and Validate methods with your own custom implementations. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method.

You can replace the entire SessionIDManager with a custom session-ID manager by creating a class that implements the ISessionIDManager interface. If your custom session-ID manager supports cookieless session identifiers, you will need to implement a solution for sending and retrieving session identifiers in the URL, such as an ISAPI filter. For more information about creating a custom session-ID manager, see ISessionIDManager.


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0