Using SqlServer session state provider with ASP.NET.
From http://msdn.microsoft.com/en-us/library/aa478952.aspx, the ASPStateTempSessions table’s SessionId column is made up of “Session Id” + “Application Id”.
My question is, wouldn’t “Session Id” be enough to make this column unique? If so, is adding the “Application Id” just some additional security to make sure sessions can’t be accessed across application boundaries?
I’m just trying to understand session ids (the 24 character ones) a bit better.
EDIT: Sorry, I should clarify. Assume that for all of the applications on the domain, the ASP.NET sessionState cookieName is explicitly set to a unique value for each application.
E.g.:
For app 1: <sessionState mode="SQLServer" ... cookieName="ASP.NET_SessionId_App1" > ..
For app 2: <sessionState mode="SQLServer" ... cookieName="ASP.NET_SessionId_App2" > ..
(I’m thinking this will make each app use a different session ID?)
If you are looking at a single application, yes – Session Id would be enough to make the column unique. However – the database schema is designed to support multiple applications in one database. The application ID makes it unique when there are multiple records. It has nothing to do with security.
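
A small model of the key layout discussed above, added here as an illustration and not code from the original posts or from ASP.NET. It shows what happens when the same 24-character value is stored for two applications in one table. The table is a simplified SQLite stand-in for ASPStateTempSessions, and the function names, sample ids and the 8-hex-digit rendering of the application id are assumptions.

```python
import sqlite3

SESSION_ID_LEN = 24  # length of the cookie session id mentioned in the question

def make_key(session_id, app_id):
    """Stored key = cookie session id + app id (assumed: 8 lowercase hex digits)."""
    if len(session_id) != SESSION_ID_LEN:
        raise ValueError("expected a 24-character session id")
    return f"{session_id}{app_id & 0xFFFFFFFF:08x}"

def split_key(key):
    """Recover (session id, app id) from a stored key."""
    return key[:SESSION_ID_LEN], int(key[SESSION_ID_LEN:], 16)

def open_store():
    """Simplified stand-in for ASPStateTempSessions: one unique key column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Sessions (SessionId TEXT PRIMARY KEY, Item TEXT)")
    return db

def save(db, session_id, app_id, item, with_app_id=True):
    # with_app_id=False models a schema keyed on the cookie value alone
    key = make_key(session_id, app_id) if with_app_id else session_id
    db.execute("INSERT INTO Sessions VALUES (?, ?)", (key, item))

def load(db, session_id, app_id):
    row = db.execute("SELECT Item FROM Sessions WHERE SessionId = ?",
                     (make_key(session_id, app_id),)).fetchone()
    return row[0] if row else None

def demo():
    sid = "abcdefghijklmnopqrstuvwx"      # constructed 24-character id
    app1, app2 = 0x1A2B3C4D, 0x5E6F7081   # constructed application ids
    db = open_store()
    save(db, sid, app1, "cart for app 1")
    save(db, sid, app2, "cart for app 2")  # same cookie value, no clash
    bare = open_store()
    save(bare, sid, app1, "cart for app 1", with_app_id=False)
    try:
        save(bare, sid, app2, "cart for app 2", with_app_id=False)
        clash = False
    except sqlite3.IntegrityError:         # the cookie value alone is not unique
        clash = True
    return load(db, sid, app1), load(db, sid, app2), clash
```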