This documentation is archived and is not being maintained.

ISessionIDManager Interface

Defines the contract that a custom session-state identifier manager must implement.

Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

Public Interface ISessionIDManager

The ISessionIDManager type exposes the following members.

Public methodCreateSessionIDCreates a unique session identifier.
Public methodGetSessionIDGets the session identifier from the context of the current HTTP request.
Public methodInitializeInitializes the SessionIDManager object.
Public methodInitializeRequestPerforms per-request initialization of the SessionIDManager object.
Public methodRemoveSessionIDDeletes the session identifier from the cookie or from the URL.
Public methodSaveSessionIDSaves a newly created session identifier to the HTTP response.
Public methodValidateConfirms that the supplied session identifier is valid.

The ISessionIDManager interface identifies the methods that you must implement to create a custom manager for session-identifier values. An ISessionIDManager interface implementation creates and validates session-identifier values, and manages the storage of a session identifier in the HTTP response as well as the retrieval of a session-identifier value from the HTTP request. You enable the custom session-ID manager using the sessionIDManagerType attribute of the sessionState Element (ASP.NET Settings Schema) configuration element.

If your ISessionIDManager interface implementation will support cookieless session identifiers, you will need to implement a solution for sending and retrieving session identifiers in the URL, such as an ISAPI filter.

If you only want to supply custom session-identifier values to be used by ASP.NET session state, you can create a class that inherits the SessionIDManager class and override only the CreateSessionID and Validate methods with your own custom implementation. This enables you to supply your own session-identifier values, while relying on the base SessionIDManager class to store values to the HTTP response and retrieve values from the HTTP request. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method of the SessionIDManager class.

The following code example shows a class that implements a cookie-based session-ID manager.

Imports System
Imports System.Configuration
Imports System.Web.Configuration
Imports System.Web
Imports System.Web.SessionState

Namespace Samples.AspNet.Session

  Public Class MySessionIDManager
    Implements IHttpModule, ISessionIDManager

    Private pConfig As SessionStateSection = Nothing

    ' IHttpModule Members

    ' IHttpModule.Init

    Public Sub Init(app As HttpApplication) Implements IHttpModule.Init

      ' Obtain session-state configuration settings.

      If pConfig Is Nothing Then      
        Dim cfg As System.Configuration.Configuration = _
          WebConfigurationManager.OpenWebConfiguration( _
        pConfig = CType(cfg.GetSection("system.web/sessionState"), SessionStateSection)
      End If

    End Sub

    ' IHttpModule.Dispose

    Public Sub Dispose() Implements IHttpModule.Dispose

    End Sub

    ' ISessionIDManager.Initialize

    Public Sub Initialize() Implements ISessionIDManager.Initialize

    End Sub

    ' ISessionIDManager.InitializeRequest

    Public Function InitializeRequest(context As HttpContext,  _
                                      suppressAutoDetectRedirect As Boolean,  _
                                      ByRef supportSessionIDReissue As Boolean) As Boolean _
                                      Implements ISessionIDManager.InitializeRequest

      If pConfig.Cookieless = HttpCookieMode.UseCookies Then
        supportSessionIDReissue = False
        Return False
        supportSessionIDReissue = True
        Return context.Response.IsRequestBeingRedirected
      End If
    End Function

    ' ISessionIDManager Members

    ' ISessionIDManager.GetSessionID
    Public Function GetSessionID(context As HttpContext) As String _
      Implements ISessionIDManager.GetSessionID

      Dim id As String = Nothing

      If pConfig.Cookieless = HttpCookieMode.UseUri Then
        ' Retrieve the SessionID from the URI.
        id = context.Request.Cookies(pConfig.CookieName).Value
      End If    

      ' Verify that the retrieved SessionID is valid. If not, return Nothing.

      If Not Validate(id) Then _
        id = Nothing

      Return id
    End Function

    ' ISessionIDManager.CreateSessionID

    Public Function CreateSessionID(context As HttpContext) As String _
      Implements ISessionIDManager.CreateSessionID

      Return Guid.NewGuid().ToString()
    End Function

    ' ISessionIDManager.RemoveSessionID

    Public Sub RemoveSessionID(context As HttpContext) _
      Implements ISessionIDManager.RemoveSessionID


    End Sub

    ' ISessionIDManager.SaveSessionID

    Public Sub SaveSessionID(context As HttpContext, _
                             id As String, _
                             ByRef redirected As Boolean, _
                             ByRef cookieAdded As Boolean) _
      Implements ISessionIDManager.SaveSessionID

      redirected = False
      cookieAdded = False

      If pConfig.Cookieless = HttpCookieMode.UseUri Then

        ' Add the SessionID to the URI. Set the redirected variable as appropriate.

        redirected = True
        context.Response.Cookies.Add(New HttpCookie(pConfig.CookieName, id))
        cookieAdded = True
      End If
    End Sub

    ' ISessionIDManager.Validate

    Public Function Validate(id As String) As Boolean _
      Implements ISessionIDManager.Validate

        Dim testGuid As Guid = New Guid(id)

        If id = testGuid.ToString() Then _
          Return True

      End Try

      Return False
    End Function

  End Class
End Namespace

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.