Geeks With Blogs
Ankit Agrawal


Random and unique are two different words with very different meaning. To generate random number, there are many algorithms but none to guarantee unique number. This causes a problem of non-unique GUID and SessionId generated in any application whether you use .NET / java / php. (I have seen this in ASP.NET and java). If you grill down to the algorithm that is used to create SessionId, it does never guarantee a unique number whenever it is generated. 


When you hover over the SessionId in ASP.NET application in VS, it says Unique SessionId. I don’t know how they can guarantee a unique id when there algorithm doesn’t support so. Below is the code:


internal static string Create(ref RandomNumberGenerator randgen)

{

    if (randgen == null)

    {

        randgen = new RNGCryptoServiceProvider();

    }

    byte[] data = new byte[15];

    randgen.GetBytes(data);

    return Encode(data);

}

private static string Encode(byte[] buffer)

{

    char[] chArray = new char[0x18];

    int num2 = 0;

    for (int i = 0; i < 15; i += 5)

    {

        int num4 = ((buffer[i] | (buffer[i + 1] << 8)) | (buffer[i + 2] << 0x10)) | (buffer[i + 3] << 0x18);

        int index = num4 & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 5) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 10) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 15) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 20) & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 0x19) & 0x1f;

        chArray[num2++] = s_encoding[index];

        num4 = ((num4 >> 30) & 3) | (buffer[i + 4] << 2);

        index = num4 & 0x1f;

        chArray[num2++] = s_encoding[index];

        index = (num4 >> 5) & 0x1f;

        chArray[num2++] = s_encoding[index];

    }

    return new string(chArray);

}


Posted on Monday, February 6, 2012 1:55 AM | Back to top


Comments on this post: Uniqueness of SessionId and GUID

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © AnkitAgrawal | Powered by: GeeksWithBlogs.net | Join free