SessionIDManager.Validate(String) Method

Reference

Definition

Namespace:: System.Web.SessionState

Assembly:: System.Web.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Gets a value indicating whether a session identifier is valid.

public:
 virtual bool Validate(System::String ^ id);

public virtual bool Validate (string id);

abstract member Validate : string -> bool
override this.Validate : string -> bool

Public Overridable Function Validate (id As String) As Boolean

Parameters

id: String

The session identifier to validate.

Returns

Boolean

true if the session identifier is valid; otherwise, false.

Implements

Validate(String)

Examples

The following code example shows a class that inherits the SessionIDManager class and overrides the CreateSessionID and Validate methods with methods that supply and validate a Guid as the SessionID.

using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;

namespace Samples.AspNet.Session
{

  public class GuidSessionIDManager : SessionIDManager
  {

    public override string CreateSessionID(HttpContext context)
    {
      return Guid.NewGuid().ToString();
    }

    public override bool Validate(string id)
    {
      try
      {
        Guid testGuid = new Guid(id);

        if (id == testGuid.ToString())
          return true;
      }
      catch
      {
      }

      return false;
    }
  }
}

Imports System.Configuration
Imports System.Web.Configuration
Imports System.Web
Imports System.Web.SessionState


Namespace Samples.AspNet.Session

  Public Class GuidSessionIDManager
    Inherits SessionIDManager

    Public Overrides Function CreateSessionID(context As HttpContext) As String
      Return Guid.NewGuid().ToString()
    End Function

    Public Overrides Function Validate(id As String) As Boolean
      Try
        Dim testGuid As Guid = New Guid(id)

        If id = testGuid.ToString() Then _
          Return True
      Catch
      
      End Try

      Return False
    End Function

  End Class

End Namespace

To use the custom class demonstrated in this example, replace the SessionID HTTP module in your Web.config file with your custom class, as shown in the following example.

<httpModules>
  <remove name="SessionID" />
  <add name="SessionID"
       type="Samples.AspNet.Session.GuidSessionIDManager" />
</httpModules>

Remarks

This method is not intended to be called from application code.

The Validate method verifies that the supplied id is a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5 and that the maximum length of the session ID does not exceed 80 characters.

The GetSessionID method calls the Validate method when retrieving a session identifier from an HTTP request, to ensure that the supplied session identifier is properly formatted.

Notes to Inheritors

You can supply a custom session identifier to be used by ASP.NET session state by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID(HttpContext) and Validate(String) methods with your own custom implementation. Even when you create a custom session identifier, the session ID is limited to 80 characters by the SessionIDManager class.

Applies to