Developing Web Applications

Previous Topic Next Topic

ASP Session IDs Are Not Unique

Applications that require a unique user identifier should not use the ASP session ID, which is unique only for the life of the current application. If the application restarts, the server may conceivably reassign the same session ID to another user. In a multiple-server environment, like a Web cluster, the likelihood of duplicate IDs increases. Consequently, it is not advisable to use an ASP-issued session ID as a unique key for tables, or for any persistent user identity.

Instead of using the ASP session ID, you must use a separate mechanism designed to create unique numbers across multiple servers and sessions. Component Services includes the component TakeANumber, which can be used to generate unique sequential numbers for user identification. (For more information about this component, see the sidebar below, “Take A Number: A Component Services Example.”)

Take A Number: A Component Services Example

Component Services includes the TakeANumber component designed to produce sequential numbers. Because the number is incremented as part of a transaction, you are guaranteed a unique identifier that works across sessions and across servers.

The TakeANumber component is installed with Component Services, but requires a little preparation to use. You first need to define a SQL Server table in order to store the current number. This table must be named “TakeANumber” and contain two columns named “NextNumber” (integer type) and “PropertyGroupName” (string type). The PropertyGroupName column identifies which counter you are using—more than a single counter can be stored in the table. Once your table is ready, you need to enter the first number of the series. The following SQL statement will accomplish this:

INSERT INTO TakeANumber VALUES (1234, 'MyProp')

Finally, create a File Data Source Name (DSN) so that the component can connect to the table you just created. You can create a File DSN with the Data Sources (ODBC) application (in Administrative Tools) in Control Panel. For step-by-step instructions, see Data Access and Transactions in this book.

Now you’re ready to use the component. The following instructions retrieve the next number from the MyProp series:

<%@ LANGUAGE=VBScript EnableSessionState=False %>
<HTML>
  <HEAD><TITLE>Take A Number</TITLE></HEAD>
    <BODY BGCOLOR=#FFFFFF>
    <% Set tn = Server.CreateObject("MTS_TakeANumber.TakeANumber") %>
    Next Number: <%= tn.GetANumber ("TakeANumber.dsn", "MyProp") %>
  </BODY>
</HTML>

As long as each server in your site connects to the same TakeANumber database, you are guaranteed a unique identifier across servers.


© 1997-1999 Microsoft Corporation. All rights reserved.