ASP.NET SessionID Questions
I'm going to be generating a SessionID for each user on my main application, so that it can be transfered across other sub-applications. I'm also going to be inputing it into an authentification DB table when the user logs in, along with their AccountID and the current DateTime.
But I'm new to SessionID's and I have few questions:
1) How long can a SessionID end up being?
2) How long are they stored for?
3) If a user closes their browser, reopens it, and logs in again, will they have a new SessionID or the same one? (Note: I tried it out, and it stayed the same. But I'm not sure if that's how it's supposed to work.)
4) I've heard that a SessionID can end up not being unique. Is this true?
5) What are the benefits of using a SessionID instead of an already existing AccountID for each user. (Note: Each Account ID is a unique ID stored in the main accounts DB table).
Ok, that's it. Thanks for any help.
KWilliams
|