Introduction
In ASP.Net, the SessionIDManager class is used to generate and validate the Session ID. By default, it is saved in a cookie with the name ASP.NET_SessionId.
Get session ID by HttpContext class like below.
HttpContext.Current.Session.SessionID
This session id is randomly generated and encoded with 24 characters containing lowercase a to z and numbers 0 to 5.
Suppose there is a scenario for customizing the session ID and its validation. In that case, the developer can inherit the SessionIDManager class to a custom class and provide implementation to generate and validate the session ID.
We will do the same in the below code
using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace SampleProject.Custom
{
public class CustomSessionIDManager : SessionIDManager
{
public override string CreateSessionID(HttpContext context)
{
string sessionId = Guid.NewGuid().ToString();
return sessionId;
}
public override bool Validate(string id)
{
bool isValidId = id == HttpContext.Current.Session.SessionID;
return isValidId;
}
}
}
And need to mention in web.config --> SessionState
<sessionState sessionIDManagerType="SampleProject.Custom.CustomSessionIDManager"></sessionState>
Now whenever an application creates a session, it will refer to CustomSessionIDManager.
Summary
In this article, we understood a bit about SessionIDManager and how to customize it. I hope it helps.