SessionIDManager.Validate Method (String)


Gets a value indicating whether a session identifier is valid.

Namespace:   System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

public virtual bool Validate(
	string id


Type: System.String

The session identifier to validate.

Return Value

Type: System.Boolean

true if the session identifier is valid; otherwise, false.

This method is not intended to be called from application code.

The Validate method verifies that the supplied id is a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5 and that the maximum length of the session ID does not exceed 80 characters.

The GetSessionID method calls the Validate method when retrieving a session identifier from an HTTP request, to ensure that the supplied session identifier is properly formatted.

Notes to Inheritors:

You can supply a custom session identifier to be used by ASP.NET session state by creating a class that inherits the SessionIDManager class and overriding the CreateSessionID and Validate methods with your own custom implementation. Even when you create a custom session identifier, the session ID is limited to 80 characters by the SessionIDManager class.

The following code example shows a class that inherits the SessionIDManager class and overrides the CreateSessionID and Validate methods with methods that supply and validate a Guid as the SessionID.

using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;

namespace Samples.AspNet.Session

  public class GuidSessionIDManager : SessionIDManager

    public override string CreateSessionID(HttpContext context)
      return Guid.NewGuid().ToString();

    public override bool Validate(string id)
        Guid testGuid = new Guid(id);

        if (id == testGuid.ToString())
          return true;

      return false;

To use the custom class demonstrated in this example, replace the SessionID HTTP module in your Web.config file with your custom class, as shown in the following example.

  <remove name="SessionID" />
  <add name="SessionID"
       type="Samples.AspNet.Session.GuidSessionIDManager" />

.NET Framework
Available since 2.0
Return to top