Safe random numbers in asp.net

Question

Safe random numbers in asp.net

From what I know, Random () is initialized by the current time. If two connections fall within the same second, should I get the same two random numbers? With a large site that may be likely. The lock is bad, so how should I solve it? note: the number is used for the session identifier.

-edit- I am stuck using a long one. Incorrectly truncate 128-bit GUID

+3

security random asp.net

user34537 Jul 04 '10 at 3:05

source share

2 answers

Instead of using the random number from the call Random(), use Guid.NewGuid () . The probability of duplication is very, very small ...

Using a GUID for a session identifier is a common solution.

+4

Mitch wheat Jul 04 '10 at 3:11

source share

matt-dot-net · Accepted Answer · 2010-07-04T03:14:46+0000

First, why do you need to create your own session id? Are you using SessionIDManager ? I would use the Guid.NewGuid () method, as shown in the CreateSessionID example . According to the documentation for Guid.NewGuid () , "The possibility that the value of the new Guid will be equal to all zeros or equal to any other guide is very low.

Safe random numbers in asp.net

More articles: