Hi,
I was wondering if anyone knew what was the format of a ASP.NET SessionID? It's not a GUID or base64, what is its type? Also does it vary from version to version of the .NET framework?
thanks
+3
A:
Edited. Revised from my original dumb answer.
The documentation just says it's randomly asigned by ASP.NET. http://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.sessionid.aspx
Another page gives a bit more detail.
The ASP.NET session identifier is a randomly generated number encoded into a 24-character string consisting of lowercase characters from a to z and numbers from 0 to 5.
David Stratton
2010-08-19 03:32:21
Well I was hoping from a security point-of-view is SHA256 or above. The advantages of using sha256 or above is crashing doesn’t work effectively. Also I looking at saving the session id to a logging database and question was posed could I use a unique Identifier. This got me thinking what was the sessionID type. All Microsoft Documentation told me nothing. Thanks for your information.
Nick
2010-08-19 03:47:38