Random Number Function Query

rsm42 · May 14th, 2007, 12:01 PM

Hi,

Within an e-commerce web site, I've created the following function to

create a random number. Basically I use this random number to be the

CartID for the site and store this within the session object. However

when testing the web site I've found that quite often the same number

is being generated e.g. 734992761. I've pasted the code below which is

asp.net 1.1 with vb.net. Can anyone suggest where this may be going

wrong ? I've also set the timeout for the session in the web.config

file to 20 minutes :

Code:

 Function RandomNo()
        'If SeSsionID equals nothing
        If Session("CartID") Is Nothing Then

            'Create random number
            Dim RandomNumber As Integer
            RandomNumber = Cdbl((1+999999990 - 100000001) * rnd) + 

100000001

            'Set session equal to random number 
            Session("CartID") = RandomNumber 
            'Call Createcart Function
            createCart()
        End If
     End Function

Web Config file extract :

Code:

<system.web>
 <compilation debug="true"/>
      <sessionState mode="InProc"


stateConnectionString="tcpip=127.0.0.1:42424"
                          sqlConnectionString="data 

source=127.0.0.1;trusted_connection=true"
                          cookieless="true"
                          timeout="20" />
         <customErrors mode="RemoteOnly" 

defaultRedirect="errorpage.aspx">

Thanks

dparsons · May 14th, 2007, 12:13 PM

I wouldn't advise using a Random number as it requires a Mathmatical alogorithim to generate the number it is not completely "Random". I would use something like:

Dim MyGuid As Guid = Guid.NewGuid()

and then MyGuid.ToString() as that WILL be unique everytime.

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
Technical Editor for: Professional Search Engine Optimization with ASP.NET
http://www.wiley.com/WileyCDA/WileyT...470131470.html
================================================== =========
Why can't Programmers, program??
http://www.codinghorror.com/blog/archives/000781.html
================================================== =========

gbianchi · May 14th, 2007, 12:31 PM

besides that doug is rigth, this is taken from msdn:

Before calling Rnd, use the Randomize statement without an argument to initialize the random-number generator with a seed based on the system timer.
Note: To repeat sequences of random numbers, call Rnd with a negative argument immediately before using Randomize with a numeric argument. Using Randomize with the same value for number does not repeat the previous sequence.
Security Note: Because the Random statement and the Rnd function start with a seed value and generate numbers that fall within a finite range, the results may be predictable by someone who knows the algorithm used to generate them. Consequently, the Random statement and the Rnd function should not be used to generate random numbers for use in cryptography.

http://msdn2.microsoft.com/en-us/lib...d2(VS.71).aspx

rnd is not that random, is just a number generated from a seed, but if you don't initialize that seed then it will repeat the same number often. Also take in mind that rnd is a function that will start giving the same sequence after a number of calling to it....

Also isn't the session id unique???

HTH

Gonzalo

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
^^Took that from dparsons signature and he Took that from planoie's profile
================================================== =========
My programs achieved a new certification (can you say the same?):
WORKS ON MY MACHINE
http://www.codinghorror.com/blog/archives/000818.html
================================================== =========
I know that CVS was evil, and now i got the proof:
http://worsethanfailure.com/Articles...-Hate-You.aspx
================================================== =========

dparsons · May 14th, 2007, 12:40 PM

The Session.ID is not a 100% unique number, but it could suffice. (For example, if the server is restarted, Session.IDs that have been previously used can be used again)

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
Technical Editor for: Professional Search Engine Optimization with ASP.NET
http://www.wiley.com/WileyCDA/WileyT...470131470.html
================================================== =========
Why can't Programmers, program??
http://www.codinghorror.com/blog/archives/000781.html
================================================== =========

gbianchi · May 14th, 2007, 12:54 PM

if you restart the server probably all the carts will be restarted too ;) or I'm wrong???

anyway thanks for pointing that out...

HTH

Gonzalo

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
^^Took that from dparsons signature and he Took that from planoie's profile
================================================== =========
My programs achieved a new certification (can you say the same?):
WORKS ON MY MACHINE
http://www.codinghorror.com/blog/archives/000818.html
================================================== =========
I know that CVS was evil, and now i got the proof:
http://worsethanfailure.com/Articles...-Hate-You.aspx
================================================== =========

dparsons · May 14th, 2007, 01:03 PM

It depends. If, for example, the cart is being stored in the database and the Unique number is how it is being called from the database then you have the potential to create problems. (This of course assumes some relationship between unique number and a particular session and not a relationship to unique number and logged on user as it would be possible to pull a cart from the database based on the number and logged on user ID thus aleviating the problem of the unique number since your where clause would have 2 parameters.)

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
Technical Editor for: Professional Search Engine Optimization with ASP.NET
http://www.wiley.com/WileyCDA/WileyT...470131470.html
================================================== =========
Why can't Programmers, program??
http://www.codinghorror.com/blog/archives/000781.html
================================================== =========

rsm42 · May 15th, 2007, 06:10 AM

Thanks All.

In the end I went for the following code which is working better and creating unique values. However there's a glitch !

Code:

  Dim MyValue As Integer
   'Initialize random-number generator.
    Randomize
   'Generate random value .
    MyValue = CInt(Int((999999999 * Rnd()) + 1))

I've set the code to choose values up to 9 digits. In most cases I get random 9 difit values. However from time to time I get just 8. How can I change this so that 9 values are always created ? I thought about changing the last value i.e. the 9 to an 8, but no difference - 999999999 to 999999998.

Thanks,

rsm42 · May 16th, 2007, 05:04 AM

Fixed it now - thanks all