Regenerating SessionID in ASP.NET

Creating New ASP.NET_SessionId & Attaching Old ASP.NET_SessionId Values to New ASP.NET_SessionId

public void RegenerateSessionId()

System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager();
string oldId = manager.GetSessionID(System.Web.HttpContext.Current);

string newId = manager.CreateSessionID(System.Web.HttpContext.Current);

bool isAdd = false, isRedir = false;
manager.SaveSessionID(System.Web.HttpContext.Current, newId, out isRedir, out isAdd);

HttpApplication ctx = (HttpApplication)HttpContext.ApplicationInstance;
HttpModuleCollection mods = ctx.Modules;
System.Web.SessionState.SessionStateModule ssm = (SessionStateModule)mods.Get(“Session”);
System.Reflection.FieldInfo[] fields = ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance);
SessionStateStoreProviderBase store = null;
System.Reflection.FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;
foreach (System.Reflection.FieldInfo field in fields)
if (field.Name.Equals(“_store”)) store = (SessionStateStoreProviderBase)field.GetValue(ssm);
if (field.Name.Equals(“_rqId”)) rqIdField = field;
if (field.Name.Equals(“_rqLockId”)) rqLockIdField = field;
if (field.Name.Equals(“_rqSessionStateNotFound”)) rqStateNotFoundField = field;
object lockId = rqLockIdField.GetValue(ssm);
if ((lockId != null) && (oldId != null)) store.ReleaseItemExclusive(System.Web.HttpContext.Current, oldId, lockId);
rqStateNotFoundField.SetValue(ssm, true);
rqIdField.SetValue(ssm, newId);


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s