ISessionIDManager Interface
Defines the contract that a custom session-state identifier manager must implement.
Assembly: System.Web (in System.Web.dll)
| Name | Description | |
|---|---|---|
![]() | CreateSessionID(HttpContext) | Creates a unique session identifier. |
![]() | GetSessionID(HttpContext) | Gets the session identifier from the context of the current HTTP request. |
![]() | Initialize() | Initializes the SessionIDManager object. |
![]() | InitializeRequest(HttpContext, Boolean, Boolean) | Performs per-request initialization of the SessionIDManager object. |
![]() | RemoveSessionID(HttpContext) | Deletes the session identifier from the cookie or from the URL. |
![]() | SaveSessionID(HttpContext, String, Boolean, Boolean) | Saves a newly created session identifier to the HTTP response. |
![]() | Validate(String) | Confirms that the supplied session identifier is valid. |
The ISessionIDManager interface identifies the methods that you must implement to create a custom manager for session-identifier values. An ISessionIDManager interface implementation creates and validates session-identifier values, and manages the storage of a session identifier in the HTTP response as well as the retrieval of a session-identifier value from the HTTP request. You enable the custom session-ID manager using the sessionIDManagerType attribute of the sessionState Element (ASP.NET Settings Schema) configuration element.
If your ISessionIDManager interface implementation will support cookieless session identifiers, you will need to implement a solution for sending and retrieving session identifiers in the URL, such as an ISAPI filter.
If you only want to supply custom session-identifier values to be used by ASP.NET session state, you can create a class that inherits the SessionIDManager class and override only the CreateSessionID and Validate methods with your own custom implementation. This enables you to supply your own session-identifier values, while relying on the base SessionIDManager class to store values to the HTTP response and retrieve values from the HTTP request. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method of the SessionIDManager class.
The following code example shows a class that implements a cookie-based session-ID manager.
Imports System Imports System.Configuration Imports System.Web.Configuration Imports System.Web Imports System.Web.SessionState Namespace Samples.AspNet.Session Public Class MySessionIDManager Implements IHttpModule, ISessionIDManager Private pConfig As SessionStateSection = Nothing ' ' IHttpModule Members ' ' ' IHttpModule.Init ' Public Sub Init(app As HttpApplication) Implements IHttpModule.Init ' Obtain session-state configuration settings. If pConfig Is Nothing Then Dim cfg As System.Configuration.Configuration = _ WebConfigurationManager.OpenWebConfiguration( _ System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath) pConfig = CType(cfg.GetSection("system.web/sessionState"), SessionStateSection) End If End Sub ' ' IHttpModule.Dispose ' Public Sub Dispose() Implements IHttpModule.Dispose End Sub ' ' ISessionIDManager.Initialize ' Public Sub Initialize() Implements ISessionIDManager.Initialize End Sub ' ' ISessionIDManager.InitializeRequest ' Public Function InitializeRequest(context As HttpContext, _ suppressAutoDetectRedirect As Boolean, _ ByRef supportSessionIDReissue As Boolean) As Boolean _ Implements ISessionIDManager.InitializeRequest If pConfig.Cookieless = HttpCookieMode.UseCookies Then supportSessionIDReissue = False Return False Else supportSessionIDReissue = True Return context.Response.IsRequestBeingRedirected End If End Function ' ' ISessionIDManager Members ' ' ' ISessionIDManager.GetSessionID ' Public Function GetSessionID(context As HttpContext) As String _ Implements ISessionIDManager.GetSessionID Dim id As String = Nothing If pConfig.Cookieless = HttpCookieMode.UseUri Then ' Retrieve the SessionID from the URI. Else id = context.Request.Cookies(pConfig.CookieName).Value End If ' Verify that the retrieved SessionID is valid. If not, return Nothing. If Not Validate(id) Then _ id = Nothing Return id End Function ' ' ISessionIDManager.CreateSessionID ' Public Function CreateSessionID(context As HttpContext) As String _ Implements ISessionIDManager.CreateSessionID Return Guid.NewGuid().ToString() End Function ' ' ISessionIDManager.RemoveSessionID ' Public Sub RemoveSessionID(context As HttpContext) _ Implements ISessionIDManager.RemoveSessionID context.Response.Cookies.Remove(pConfig.CookieName) End Sub ' ' ISessionIDManager.SaveSessionID ' Public Sub SaveSessionID(context As HttpContext, _ id As String, _ ByRef redirected As Boolean, _ ByRef cookieAdded As Boolean) _ Implements ISessionIDManager.SaveSessionID redirected = False cookieAdded = False If pConfig.Cookieless = HttpCookieMode.UseUri Then ' Add the SessionID to the URI. Set the redirected variable as appropriate. redirected = True Return Else context.Response.Cookies.Add(New HttpCookie(pConfig.CookieName, id)) cookieAdded = True End If End Sub ' ' ISessionIDManager.Validate ' Public Function Validate(id As String) As Boolean _ Implements ISessionIDManager.Validate Try Dim testGuid As Guid = New Guid(id) If id = testGuid.ToString() Then _ Return True Catch End Try Return False End Function End Class End Namespace
Available since 2.0
