Need ASP script to Generate Unique Session ID

[Dan Thompson]

Hello I am still quite new to ASP and I am wondering if anyone can help ?
I am trying to write a ASP script to put into my website that will generate
a random and unique Session ID that is stored in a cookie on the clients end
for the duration of time they are logged into my website. Can anyone provide
me with a simple ASP script to do this or at least provide some insight on
how to go about doing this ?

Dan Thompson

 

[Evertjan.]

=?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in
microsoft.public.inetserver.asp.general:

Hello I am still quite new to ASP and I am wondering if anyone can
help ? I am trying to write a ASP script to put into my website that
will generate a random and unique Session ID that is stored in a
cookie on the clients end for the duration of time they are logged
into my website. Can anyone provide me with a simple ASP script to do
this or at least provide some insight on how to go about doing this ?

ASP will do this by itself.

<%
Response.Write Session.SessionID
%>

 

[Dan Thompson]

I thought I would clarify more what I am looking for so here is the deal.

I already have a Login.asp page where the user can type in login information
then I have a verify.asp page that verify's the user login info with the
username and password information in MySQL database.
The problem is I need a unique user ID and I could just use some sort of
random user ID number generator function into MySQL as a primary key (userID)
but once the number has been generated for new user that has been added to
MySQL database that user ID is going to be the same for as long as the user
exists in the database.
I would much rather just have my verify page verify that the username and
password are correct and than have ASP assign a session ID to that user for
the duration that they are on my website that way it is more secure and less
likely that someone could guess the URL as the session ID number would only
be valid for the duration that the proper user is logged into the site and
would be a different number the next time that same user log's into the site.

Please can anyone help with this question ?

Dan Thompson

 

[Evertjan.]

=?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in
microsoft.public.inetserver.asp.general:

I thought I would clarify more what I am looking for so here is the
deal.

I already have a Login.asp page where the user can type in login
information then I have a verify.asp page that verify's the user login
info with the username and password information in MySQL database.
The problem is I need a unique user ID and I could just use some sort
of random user ID number generator function into MySQL as a primary
key (userID) but once the number has been generated for new user that
has been added to MySQL database that user ID is going to be the same
for as long as the user exists in the database.
I would much rather just have my verify page verify that the username
and password are correct and than have ASP assign a session ID to that
user for the duration that they are on my website that way it is more
secure and less likely that someone could guess the URL as the session
ID number would only be valid for the duration that the proper user is
logged into the site and would be a different number the next time
that same user log's into the site.

Please can anyone help with this question ?

As I told you, the session.id is unique and available during the whole
session.

I do not see the problem that the user also has his unique serial nmber
in your database, you can just assign that nummber to a session variable,
that is not available to the outside world, but uniquely identifies your
user during a single or multiple sessions.

Ofcourse, you should not use that number as a determinant for the session
in a querystring or post data. That is where session cookies come in to
hold the Session.id value.

Are you afraid of cookies, perhaps?

 

[Neil Gould]

Hi Dan,

I thought I would clarify more what I am looking for so here is the
deal.

I already have a Login.asp page where the user can type in login
information then I have a verify.asp page that verify's the user
login info with the username and password information in MySQL
database.
The problem is I need a unique user ID and I could just use some sort
of random user ID number generator function into MySQL as a primary
key (userID) but once the number has been generated for new user that
has been added to MySQL database that user ID is going to be the same
for as long as the user exists in the database.
I would much rather just have my verify page verify that the username
and password are correct and than have ASP assign a session ID to
that user for the duration that they are on my website that way it is
more secure and less likely that someone could guess the URL as the
session ID number would only be valid for the duration that the
proper user is logged into the site and would be a different number
the next time that same user log's into the site.

Please can anyone help with this question ?

Dan Thompson

Every ASP session generates a unique session ID, as Evertjan has pointed
out. However, for what you've said you're trying to accomplish, I doubt that
the session ID would be of use, because a unique ID is generated every time
a user logs in, and it is used only to track that specific session, so it
would have no value as a validator in a cookie.

OTOH, a unique user ID that is assigned when the user is initially added to
the database can be accessed during log in to track other activities.
Typically, this will be a key field to make searches faster, and is useful
as a way to build entries in a related table, for example for logging orders
or such. As you may guess, this leads to a host of other issues regarding
the structure of relational databases that is unrelated to the issue of
security.

There is a lot of information about this on the web, and if you narrow your
concerns a bit, a google search will provide you with a lot of reading
material.

Best,

Neil