«

howto

thanx
Ronald

SessionID's are created in the SessionStateModule. To extend the session
state under ASP.NET you will need to write your own HTTP module and replace
the SessionStateModule in the machine.config. The SessionStateModule is
the module which provides all the session state functionality for ASP.NET.
The SessionStateModule is sealed so you cannot extend it. Perhaps they are
trying to tell us something? You can replace it; however, there is'nt any
documentation other than how to create a HTTP module to help you accomplish
this task. Unless you have a really really good argument for rolling your
own sessionid, I would stick with what has been provided for you.

Regards

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"

Hi Andy

"Andy Mortimer [MS]" <> wrote in message
news:...
> SessionID's are created in the SessionStateModule. To extend the session
> state under ASP.NET you will need to write your own HTTP module and
replace
> the SessionStateModule in the machine.config. The SessionStateModule is
> the module which provides all the session state functionality for ASP.NET.
> The SessionStateModule is sealed so you cannot extend it. Perhaps they are
> trying to tell us something? You can replace it; however, there is'nt any
> documentation other than how to create a HTTP module to help you
accomplish
> this task. Unless you have a really really good argument for rolling your
> own sessionid, I would stick with what has been provided for you.
>

We have the Problem, that the StateModule, when it runs in cookieless
SQLServer Mode, redirect to an existing foreign session instead of creating
a brand new session after site Request w/o SessionID in URL. That's a very
big Problem. I will now disable the reusage of sessionids.

Ronald


> Regards
>
> Andy Mortimer [MS]
> Please do not send email directly to this alias. This alias is for
> newsgroup purposes only
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> OR if you wish to include a script sample in your post please add "Use of
> included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm"
>
>

Thats not something I've heard of. I was of the understanding that
sessionID values are generated using
an algorithm that guarantees uniqueness so that sessions do not collide.

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"

Not sure if this is pertinent?

http://support.microsoft.com/default...b;EN-US;822162

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"

Hi Andy,

"Andy Mortimer [MS]" <> wrote in message
news:...
> Not sure if this is pertinent?
>
> http://support.microsoft.com/default...b;EN-US;822162
>

we have solved this problem. Once of our promotion partners linked to our
site through an banner with sessionid in the url. That was the reason for
'session collitions'. But it's still a problem that the sessionhandler
doesn't generate a new sessionid, if the url includes a valid sessionid
which actually not runs on the state server. I think, it's better, every
sessionstart generates a new sessionid, independ of the sessionid included
in requests url.

> Andy Mortimer [MS]
> Please do not send email directly to this alias. This alias is for
> newsgroup purposes only
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> OR if you wish to include a script sample in your post please add "Use of
> included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm"
>

Good to hear you have solved your problem, but not to clear on what is
happening. If the stored sessionid in the banner wasn't getting a page
after the session had expried, then I think that is by design.

Andy Mortimer [MS]
Please do not send email directly to this alias. This alias is for
newsgroup purposes only

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"