R
RCS
We have sort of a centralized single-signon written in ASP.NET for all of
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;
public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().TotalProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the random
number generator. In other words, UserLogin + date and time + processor
time... is still not truly unique, because these numbers can overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to have
this be 100%. Any ideas?
our legacy ASP and ASP.NET apps.. There are around 1200 users and something
like 2 dozen apps. Everyonce in a while, a user gets the error that their
session is a duplicate in the database.. I talked to the database guys about
putting in a job that cleans up old sessions, but I also want to have this
work a little cleaner on the front-end.
I need to generate a truly session id, here is my code right now (where
UniqueIdentifier is the users login):
using System.Security.Cryptography;
public string GenerateSessionID(string UniqueIdentifier)
{
TimeSpan objTS =
System.Diagnostics.Process.GetCurrentProcess().TotalProcessorTime;
int t = DateTime.Now.Second + DateTime.Now.Millisecond + objTS.Seconds +
objTS.Milliseconds;
long lngRandom = new System.Random(t).Next();
string strData = UniqueIdentifier + lngRandom.ToString();
string strTmp = "";
System.Text.UnicodeEncoding encoding = new System.Text.UnicodeEncoding();
byte[] hashBytes = encoding.GetBytes(strData);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] cryptPassword = sha1.ComputeHash(hashBytes);
for ( int x=0 ; x < cryptPassword.Length ; x++ )
{
strTmp = strTmp + String.Format("{0,2:X2}", cryptPassword[x]);
}
return strTmp;
}
But as you might imagine, using time values like this helps, but doesn't
solve this. Even going out to the year or month:
05 + 15 = 20 (month + day for May 15th)
04 + 16 = 20 (month + day for April 16th)
Same with seconds, etc.. I need a truly random number or seed for the random
number generator. In other words, UserLogin + date and time + processor
time... is still not truly unique, because these numbers can overlap.
Anyhow already have a bullet-proof way to handle this?
This process is very random, well - like 99%.. but I would just like to have
this be 100%. Any ideas?