1

I have created an application using asp.net MVC on user login I save the value of session id using

Session["SessionId"] = HttpContext.session.SessionId

during the session when the user create new request on a page called "NewQuotee" I would like to generate new SessionId and assign the new value to Session["SessionId"] How can I do that?

O.A.K
  • 39
  • 9
  • refer: https://stackoverflow.com/questions/1419340/how-to-change-session-id-after-login-in-asp-net/1419508#1419508 – helloworld Mar 05 '19 at 03:13
  • Why don't your clear your old session and reassign new value like this `Session["SessionId"] = null; Session["SessionId"]="New Value"` ? – Parvez Mar 05 '19 at 10:54
  • @Parvez after further reading asp doesn't have a way to regenerate a new sessionid from client side browser so even if you used 'Session.Clear()' or 'Session.Abandon()' this will not regenerate a new session id in the client browser, refer to [link](https://abhijitjana.net/2011/06/04/asp-net-internals-clearing-asp-net-session-variables-a-in-depth-look/) it was a good read I will post how I solved my issue in the answer section – O.A.K Mar 07 '19 at 07:25

1 Answers1

0

so after further reading their is no direct way to request the client browser to regenerate a new session id, even if I used Session.Clear(), Session.RemoveAll() or Session.Abandon() it will not serve my needs (you can read about the difference in this artical Link it was a good read), so at the end of the day I was using the sessionid as a generaic string to identify database records for update statement at the end of page request so I created a function that generate a random 20 character string by each call and assign the value to a global var, this var can be used in my insert/update requests, the method I created to generate a random string is as follows :-

public static string GenerateSessionID()
    {
        char[] characters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".ToCharArray();
        Random r = new Random();
        System.Threading.Thread.Sleep(10);
        string randomstring = "";
        for (int i = 0; i < 20; i++)
        {
            randomstring += characters[r.Next(0, 60)].ToString();
        }

        return randomstring;
    }

to help understand the code 

char[] characters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".ToCharArray();

this line of code will create an array of char including all numbers letters in lower and upper case, you can put any kind of characters you would like

Random r = new Random();

here you create an object "r" of the random class

string randomstring = "";

just creating a string to hold the value of generated key

for (int i = 0; i < 20; i++)

you can define the length of the random key by increasing or decreasing the max value of "i" 

 r.Next(0, 60)

the method r.Next(0,60) return a random number between 0, 60 ; r.Next(min, max); you can call r.Next() it will get any random number I defined the min and max value because I will use the number generated as an index to the characters array

randomstring += characters[r.Next(0, 60)].ToString();

I guess now it is self explained that everytime you loop, the char in the character array with index random will be concatenated to the randomstring 

System.Threading.Thread.Sleep(10);

now the reason I used thread.sleep for 10 mili-sesond is, when u keep calling the random .next() function without any break it will return the same value, I briefly read about it, I kept decresing the value of the mili-second until I reached 2 and it was a hit and miss sometimes it generate a new value sometimes not so just to be on the safe side I put the value as 10

now I call the function when I need it and place the value in a string and use it

O.A.K
  • 39
  • 9