How to generate unique session id when accessing aspx page

Question

I have a website with a number of aspx pages and one of them requires generating unique session id when an user comes in. This session id should be in time structured string as yyyymmddhhmmssms (year,month,day,hour,minute,second,milisecond). So when an user accesses to this particular aspx page, the user gets an unique session id. Then when finish button is clicked the session id is fired and will never be reused.

Answer 1

This might be possible, but first things first: A timestamp isn't unique, and you don't ever want sessionIDs to be guessable. That's why default SessionIDs are 120-bit numbers that are generated by a cryptographic random number generator (details here). Anything deterministic like a timestamp should be avoided unless you and your users are ok with the contents of a session being available to the entire world.

More about session state security is here.

Anyway, I'm not aware of a way to swap out the session ID for a single page. Your browser associates a session cookie with a host, not an individual page, so it'll send your session cookie to every page on your site. If you're not using sessions anywhere else on your site then you could get away with the following:

1. Disable session state for every page except the one in question by using the Page directive's EnableSessionState attribute. When the user clicks the finish button, call Session.Abandon in the handler.
2. Use your own session ID generator by implementing and registering your own ISessionIDManager implementation. But please, please don't use a timestamp for your IDs.