SessionIDManager.SessionIDMaxLength Property


Gets the maximum length of a valid session identifier.

 static property int SessionIDMaxLength { int get(); };
public static int SessionIDMaxLength { get; }
member this.SessionIDMaxLength : int
Public Shared ReadOnly Property SessionIDMaxLength As Integer

Property Value


The maximum length of a valid session identifier.


The maximum length of a session identifier is 80 characters.

While session identifiers created by the CreateSessionID method are 24 characters long, the maximum length of a session identifier allowed by the SessionIDManager class is 80 characters. This is especially important if you implement a custom SessionIDManager. The GetSessionID method, which retrieves session-identifier values from the current HttpRequest, ensures that values do not exceed the SessionIDMaxLength value and that the session identifier is a 24-character string containing only the lowercase characters a to z and the numbers 0 to 5 by calling the Validate method. If you implement a custom SessionIDManager class that inherits the SessionIDManager class and overrides the CreateSessionID method but not the Validate method, your custom session-identifier values must meet the constraints above. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method.

Applies to

See also