Create Custom Session ID Manager

Introduction

In ASP.Net, the SessionIDManager class is used to generate and validate the Session ID. By default, it is saved in a cookie with the name ASP.NET_SessionId.

Get session ID by HttpContext class like below.

HttpContext.Current.Session.SessionID

This session id is randomly generated and encoded with 24 characters containing lowercase a to z and numbers 0 to 5.

Suppose there is a scenario for customizing the session ID  and its validation. In that case, the developer can inherit the SessionIDManager class to a custom class and provide implementation to generate and validate the session ID.

We will do the same in the below code

using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace SampleProject.Custom
{
    public class CustomSessionIDManager : SessionIDManager
    {
        public override string CreateSessionID(HttpContext context)
        {
            string sessionId = Guid.NewGuid().ToString();
            return sessionId;
        }

        public override bool Validate(string id)
        {
            bool isValidId = id == HttpContext.Current.Session.SessionID;
            return isValidId;
        }
    }
}

And need to mention in web.config --> SessionState

<sessionState sessionIDManagerType="SampleProject.Custom.CustomSessionIDManager"></sessionState>

Now whenever an application creates a session, it will refer to CustomSessionIDManager.

Summary

In this article, we understood a bit about SessionIDManager and how to customize it. I hope it helps.


Similar Articles