SessionIDManager.SessionIDMaxLength Property
 Note |
|---|
The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience. |
Gets the maximum length of a valid session identifier.
Assembly: System.Web (in System.Web.dll)
The maximum length of a session identifier is 80 characters.
While session identifiers created by the CreateSessionID method are 24 characters long, the maximum length of a session identifier allowed by the SessionIDManager class is 80 characters. This is especially important if you implement a custom SessionIDManager. The GetSessionID method, which retrieves session-identifier values from the current HttpRequest, ensures that values do not exceed the SessionIDMaxLength value and that the session identifier is a 24-character string containing only the lowercase characters a to z and the numbers 0 to 5 by calling the Validate method. If you implement a custom SessionIDManager class that inherits the SessionIDManager class and overrides the CreateSessionID method but not the Validate method, your custom session-identifier values must meet the constraints above. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method.
Available since 2.0