Export (0) Print
Expand All

SessionIDManager.Validate Method

Gets a value indicating whether a session identifier is valid.

Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

public virtual bool Validate(
	string id
)

Parameters

id
Type: System.String

The session identifier to validate.

Return Value

Type: System.Boolean
true if the session identifier is valid; otherwise, false.

Implements

ISessionIDManager.Validate(String)

This method is not intended to be called from application code.

The Validate method verifies that the supplied id is a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5 and that the maximum length of the session ID does not exceed 80 characters.

The GetSessionID method calls the Validate method when retrieving a session identifier from an HTTP request, to ensure that the supplied session identifier is properly formatted.

Notes to Inheritors

You can supply a custom session identifier to be used by ASP.NET session state by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID and Validate methods with your own custom implementation. Even when you create a custom session identifier, the session ID is limited to 80 characters by the SessionIDManager class.

The following code example shows a class that inherits the SessionIDManager class and overrides the CreateSessionID and Validate methods with methods that supply and validate a Guid as the SessionID.

using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;


namespace Samples.AspNet.Session
{

  public class GuidSessionIDManager : SessionIDManager
  {

    public override string CreateSessionID(HttpContext context)
    {
      return Guid.NewGuid().ToString();
    }


    public override bool Validate(string id)
    {
      try
      {
        Guid testGuid = new Guid(id);

        if (id == testGuid.ToString())
          return true;
      }
      catch
      {
      }

      return false;
    }
  }
}

To use the custom class demonstrated in this example, replace the SessionID HTTP module in your Web.config file with your custom class, as shown in the following example.

<httpModules>
  <remove name="SessionID" />
  <add name="SessionID"
       type="Samples.AspNet.Session.GuidSessionIDManager" />
</httpModules>

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0
Show:
© 2015 Microsoft