Home/ Questions/Q 6318381
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T15:37:56+00:00

When ever user logs into my website, I am storing HttpContext.Current.SessionID in my user

  • 0

When ever user logs into my website, I am storing HttpContext.Current.SessionID in my user log table. I want to make sure can this be duplicate? If yes, I want to make the column unique in database. If it can be duplicated, any thing to get from session which will be unique and will never be regenerated in future like GUID?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    HttpContext.Current.SessionID will be unique for the current set of sessions only – that is, every session ID will be unique when it is active. However, once the session expires, there is no guarantee that new sessions will not have the same ID. If this is the case, any persistent data (based on a session ID) will now be referring to a different session.

    Please also note the following remarks from the MSDN page.

    The SessionID value is randomly generated by ASP.NET and stored in a
    non-expiring session cookie in the browser. The SessionID value is
    then sent in a cookie with each request to the ASP.NET application.

    However, if the cookie is cleared, the session is restarted.

    The SessionID is sent between the server and the browser in clear
    text, either in a cookie or in the URL. As a result, an unwanted
    source could gain access to the session of another user by obtaining
    the SessionID value and including it in requests to the server. If you
    are storing private or sensitive information in session state, it is
    recommended that you use SSL to encrypt any communication between the
    browser and server that includes the SessionID.

    • 0