Random and unique are two different words with very different meaning. To generate random number, there are many algorithms but none to guarantee unique number. This causes a problem of non-unique GUID and SessionId generated in any application whether you use .NET / java / php. (I have seen this in ASP.NET and java). If you grill down to the algorithm that is used to create SessionId, it does never guarantee a unique number whenever it is generated. 


When you hover over the SessionId in ASP.NET application in VS, it says Unique SessionId. I don’t know how they can guarantee a unique id when there algorithm doesn’t support so. Below is the code:


internal static string Create(ref RandomNumberGenerator randgen)

{

    if (randgen == null)

    {

        randgen = new RNGCryptoServiceProvider();

    }

    byte[] data = new byte[15];

    randgen.GetBytes(data);

    return Encode(data);

}

private static string Encode(byte[] buffer)

{

    char[] chArray = new char[0x18];

    int num2 = 0;

    for (int i = 0; i < 15; i += 5)

    {

        int num4 = ((buffer[i] | (buffer[i + 1] << 8)) | (buffer[i + 2] << 0x10)) | (buffer[i + 3] << 0x18);

        int index = num4 & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 5) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 10) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 15) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 20) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 0x19) & 0x1f;

        chArray[num2++] = s_encoding[index];

        num4 = ((num4 >> 30) & 3) | (buffer[i + 4] << 2);

        index = num4 & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 5) & 0x1f;

        chArray[num2++] = s_encoding[index];

    }

    return new string(chArray);

}