SessionIDManager.CreateSessionID Method

Creates a unique session identifier for the session.

Namespace: System.Web.SessionState
Assembly: System.Web (in system.web.dll)

public virtual string CreateSessionID (
	HttpContext context
public String CreateSessionID (
	HttpContext context
public function CreateSessionID (
	context : HttpContext
) : String
Not applicable.



The current HttpContext object that references server objects used to process HTTP requests (for example, the Request and Response properties).

Return Value

A unique session identifier.

This method is not intended to be called from application code.

The CreateSessionID method returns a unique session identifier that is a randomly generated number encoded into a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5.

Notes to Inheritors: You can supply a custom session identifier to be used by ASP.NET session state by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID and Validate methods with your own custom implementations. If your custom session ID does not meet the character constraints enforced by the default implementation of the Validate method, you should override the Validate method to provide validation of your custom session identifier. In this case, the SessionIDManager class will ensure that your custom session identifier is URL encoded in the HTTP response and URL decoded from the HTTP request using the Encode and Decode methods, respectively.

The following code example shows a class that inherits the SessionIDManager class and overrides the CreateSessionID and Validate methods with methods that supply and validate a Guid as the SessionID.

using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;

namespace Samples.AspNet.Session

  public class GuidSessionIDManager : SessionIDManager

    public override string CreateSessionID(HttpContext context)
      return Guid.NewGuid().ToString();

    public override bool Validate(string id)
        Guid testGuid = new Guid(id);

        if (id == testGuid.ToString())
          return true;

      return false;

To use the custom class demonstrated in this example, configure the sessionIDManagerType attribute of the sessionState Element (ASP.NET Settings Schema) element, as shown in the following example.

  sqlConnectionString="data source=;Integrated Security=SSPI"

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0