CODEWITHSUNDEEP
c#asp.netsession
jibran musa
jibran musa

Reputation: 213

Duplicate Session ID

Hi I am working on Sessions and don't know whey the Session ID is created the same as the previous one.

I have a log table which tells which user has logged in, its time and stores its unique Session ID. When it log outs system checks for the Session ID n changes its status to log out.

But when user is logged in again the Session ID created is the same i don't know whats the mistake.

The Code is given below

log in cs file 

HttpContext.Current.Session["user"]=user;
HttpContext.Current.Session["sessionid"]=HttpContext.Current.Session.SessionID;

when user log outs

log out cs file

HttpContext.Current.Session.Abandon();

Waiting for your help. Thanks in advance

Upvotes: 2

Views: 3617

Answers (4)

Christian Phillips
Christian Phillips

Reputation: 18769

Since the users are members on your website, they should already have a uniqueID, whether this is a email address or an Id? You can use this to make entries into the Login table.

Note: There is a caveat to this process; it will work fine if the user clicks on the logout button, you can remove the uniqueId from the Login Table or update status to logged out, whichever way you have this set up. But, if the user just closes the browser, no event will be fired to perform the same action, so the user will remain logged in.

You should also look at possible solutions for dealing with the clean up of users who have not clicked on the logout button.

Upvotes: 1

Subin Jacob
Subin Jacob

Reputation: 4864

You can use Guid.NewGuid().ToString() instead. ASP.NET doesn't guarantee that the session id is unique beyond the lifetime of the session.

While each generated GUID is not guaranteed to be unique, the total number of unique keys >(2^128 or 3.4×10^38) is so large that the probability of the same number being generated twice >is very small. For example, consider the observable universe, which contains about 5×10^22 >stars; every star could then have 6.8×10^15 universally unique GUIDs.

You can always trust the GUID to be unique always. Thats the real purpose of GUID. This SO Question asks about unique Id.

Upvotes: 5

user240141
user240141

Reputation:

You can use GUID as suggested by Subin.

While time of creating sessions for a user, use the code below.

HttpContext.Current.Session["sessionid"]=Guid.NewGuid().ToString();

While Saving it to DB, use the reverse:

User.dbField = HttpContext.Current.Session["sessionid"]

Upvotes: 2

Luaan
Luaan

Reputation: 63772

ASP.NET doesn't guarantee that the session id is unique beyond the lifetime of that session (ie. there's no living session with the same ID), I'm affraid. You should just use your own unique identifier if you want that functionality.

Upvotes: 5

Related Questions