Sql server session mode in asp.net

Question

I used sql server session mode in my application. The session id is generated as soon as the page loads. I have a user login in the start page. But I need the session id to be created after the user login is successful.
In web.config file

<sessionState mode="SQLServer" sqlConnectionString="DBConnection" allowCustomSqlDatabase="true" regenerateExpiredSessionId="false" cookieless="false" timeout="1" ></sessionState>

<add name="DBConnection" connectionString="Data Source=localhost;DataBase=ASPState;Integrated Security=True;uid=sa;pwd=password-1" providerName="System.Data.SqlClient"/>

How the session id is created ? as the page loads. Do I need to specify any code in the user login method.

Any suggestions..

EDIT When the Login page is loaded, the session id is created in ASPState database as below.

SessionId   Created Expires     LockDate    LockDateLocal   LockCookie  Timeout Locked  SessionItemShort    SessionItemLong Flags
sf4chi20mebkfaw4taz345h5739e38f4    2013-01-08 12:38:23.340 2013-01-08 12:39:23.340 2013-01-08 12:38:23.340 2013-01-08 18:08:23.340 1   1   0   0x010000000000FF    NULL    0

Can I set the session to be created after the login is completed. ?

Answer 1

Can i know how the session id is created as the application starts.?

The session isn't created as the application starts but rather when the user firsts hits the application.

Can I set the session to be created after the login is completed. ?

You need to call Session.Abandon() and then clear the session ID cookie once the user is authenticated.

For those of you that think that the OP is trying to solve a problem that doesn't exist, please read up on session fixation attacks.