Stack Overflow
Stack Overflow

Questions tagged [sessionid]

A session ID is a unique identifier that relates session data to a specific user.

A session ID is a unique identifier that relates session data to a specific user.

In an HTTP context, it is usually stored in a cookie and sent to the server on every request. The server uses the session ID to load the data that was persisted in the session.

The lookup process on the server can be either file-based (where the session ID is used as part of the file name), or from a database (where the session ID is used as the primary key).

636 questions
149
votes
14 answers

ASP.NET: Session.SessionID changes between requests

Why does the property SessionID on the Session-object in an ASP.NET-page change between requests? I have a page like this: ...
SessionID: <%= SessionID %>
... And the output keeps changing every time I hit F5, independent of…
Seb Nilsson
  • 26,200
  • 30
  • 103
  • 130
143
votes
20 answers

How to differ sessions in browser-tabs?

In a web-application implemented in java using JSP and Servlets; if I store information in the user session, this information is shared from all the tabs from the same browser. How to differ sessions in the browser-tabs? In this example: <%@page…
Oriol Terradas
  • 1,788
  • 2
  • 19
  • 30
107
votes
9 answers

How to find out the request.session sessionid and use it as a variable in Django?

I'm aware that you can get session variables using request.session['variable_name'], but there doesn't seem to be a way to grab the session id(key) as a variable in a similar way. Is this documented anywhere? I can't find it.
rmh
  • 4,806
  • 10
  • 33
  • 31
45
votes
5 answers

What is the length of a PHP session id string?

I'm making a table in a MySQL database to save some session data, including session_id. What should be the length of the VARCHAR to store the session_id string?
Gustavo
  • 1,673
  • 4
  • 24
  • 39
34
votes
2 answers

Best practices for SessionId/Authentication Token generation

I have seen people using UUID for authentication token generation. However, in RFC 4122 it is stated that Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants …
oldbam
  • 2,397
  • 1
  • 16
  • 24
29
votes
6 answers

Generating a new ASP.NET session in the current HTTPContext

As a result of a penetration test against some of our products in the pipeline, what looked to be at the time an 'easy' problem to fix is turning out to be a toughy. Not that it should of course, I mean why would just generating a brand new session…
Rabid
  • 2,984
  • 2
  • 25
  • 25
24
votes
1 answer

How to get Session Id In C#

what is the correct way to get session id in C# String sessionId ; sessionId = Session.SessionID; or string sessionId = Request["http_cookie"]; sessionId = sessionId.Substring(sessionId.Length - 24); Actually i am totally new to C# and just…
GajendraSinghParihar
  • 9,051
  • 11
  • 36
  • 64
23
votes
1 answer

Proper session hijacking prevention in PHP

I know this topic has been discussed a lot, but I have a few specific questions still not answered. For example: // **PREVENTING SESSION HIJACKING** // Prevents javascript XSS attacks aimed to steal the session ID ini_set('session.cookie_httponly',…
federico-t
  • 12,014
  • 19
  • 67
  • 111
22
votes
5 answers

How to Generate a new Session ID

Is it possible to generate a new ID for the session using ASP.NET? I want it to change when someone logs in to my website just before I set their initial session variables.
Luke
  • 22,826
  • 31
  • 110
  • 193
17
votes
3 answers

linux command setsid

I am trying to write a wrapper which will execute a script as a session leader. I am confused by the behaviour of the linux command setsid. Consider this script, called test.sh: #!/bin/bash SID=$(ps -p $$ --no-headers -o sid) if [ $# -ge 1 -a $$ -ne…
Matei David
  • 2,322
  • 3
  • 23
  • 36
15
votes
5 answers

SessionID is still the same after Session.Abandon call

I'm writing some logging code that is based on SessionID... However, when I log out (calling Session.Abandon), and log in once again, SessionID is still the same. Basically every browser on my PC has it's own session id "attached", and it won't…
dragonfly
  • 17,407
  • 30
  • 110
  • 219
14
votes
11 answers

ASP.NET session has expired or could not be found -> Because the Session.SessionID changes (Reporting Services)

1.-I'm using reporting services and sometimes I get this error ASP.NET session has expired or could not be found when I try to load a report. 2.-I realized that I get this error when the Session.SessionID property changes even though the user is the…
user1239198
  • 163
  • 1
  • 1
  • 5
14
votes
1 answer

dialogflow - how to get session id?

First of all, I'm a noob with dialogflow and web services. I'm trying to integrate a dialogflow agent I just created and integrate it with my app on my local computer. I was able to get project_id and all other important information but no matter…
Phillip1982
  • 189
  • 1
  • 2
  • 10
14
votes
2 answers

Reusing HttpURLConnection so as to keep session alive

We have an Android application that requires the user to enter an answer to a Captcha. The Captcha is generated on our server. When the replies, it is sent to the server for verifying. Problem is that since I have to close the HttpURLConnection…
theblitz
  • 6,683
  • 16
  • 60
  • 114
13
votes
2 answers

Is regenerating the session id after login a good practice?

I'm wondering if regenerating the session id after a successful login really a good practice and not just sort of a cargo cult behavior. If I understand the theory correctly it should prevent session hijacking (or at least make it harder), but I…
Wabbitseason
  • 5,641
  • 9
  • 49
  • 60
1
2 3
42 43