derek.thompson

I am developing a web service using WCF and C# .NET, and need to know exactly how the System.ServiceModel.OperationContext.Current.SessionID is generated (i.e., the algorithm used and/or real/pesudo code, or where to find it). I plan on using the session id or a hash of it as a unique key in a hashtable, but under the circumstances of my development I need to know the exact details of how it is generated. I have looked all over for documentation on this, but have not found anything. If anyone could enlighten me, it would be greatly appreciated. Thanks in advance.


Re: Windows Communication Foundation (Indigo) WCF - SessionId Generation

Dave Cliffe - MSFT

Hi Derek,

I'm pretty sure we just call into the CorrelationManager (http://msdn2.microsoft.com/en-us/library/system.diagnostics.correlationmanager.aspx) to generate a Guid. Not sure if that helps or not ...

-- Dave





Re: Windows Communication Foundation (Indigo) WCF - SessionId Generation

derek.thompson

Dave,

Thanks for your reply.

Unfortunately that doesn't help me out too much - I am looking more for the actual algorithm. We need to be able to show and prove that the ID generated is truly unique and random, with respect to our requirements.










Re: Windows Communication Foundation (Indigo) WCF - SessionId Generation

Alexey Lavnikov

I believe that is makes no real difference weither you'll use SessionId as string or as derived hash for your dictionary key ...

Why Because WCF has already some code pieces which are quite slow (don't forget about network delay).

So 0.1% slower or faster in this case means nothing...





Re: Windows Communication Foundation (Indigo) WCF - SessionId Generation

Dave Cliffe - MSFT

Hi Derek,

I don't know the actual algorithm that is called underneath. I believe the CorrelationManager calls into Guid.NewGuid() (http://msdn2.microsoft.com/en-us/library/system.guid.newguid.aspx), and from that page, all I see is the following:

"There is a very low probability that the value of the new Guid is all zeroes or equal to any other Guid."

Sorry I can't be more helpful,

-- Dave





Re: Windows Communication Foundation (Indigo) WCF - SessionId Generation

Allan-Nielsen

Hi,

from what I digged out, I ended up with this code here:

Code Snippet

private UniqueId GetSessionId(SecurityToken sessionToken, SecurityStandardsManager standardsManager)
{
GenericXmlSecurityToken token = sessionToken as GenericXmlSecurityToken;
if (token == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString("SessionTokenIsNotGenericXmlToken", new object[] { sessionToken, typeof(GenericXmlSecurityToken) })));
}
return standardsManager.SecureConversationDriver.GetSecurityContextTokenId(XmlDictionaryReader.CreateDictionaryReader(new XmlNodeReader(token.TokenXml)));
}

so from what I can see the sessionId is derived from a securitytoken!! how that was generated depends of what token is used.

I think you should just see the sessionId as being unique to the client instance, what exactly are you trying to do I don't think it should matter how the sessionId actually was generated, but I do remember something about the sessionId being reused (might remember this wrong), so why not take matters into your own hands here, again I don't know what you are trying to do here.

/Allan





Re: Windows Communication Foundation (Indigo) WCF - SessionId Generation

derek.thompson

Thanks Allan, Dave, and Alexey for your replies.

I was planning on using this ID as a key in a container that maintains all of the client connections. Although, and obviously, if MS is using these ID's to uniquely identify their sessions, it should be okay for me to use (since I'm essentially keeping track of the same thing)... however under the conditions of my development we need to be 110% certain of its generation in this context.

I'll probably just end up writing my own id generator, and using the MS session ID as a salt or something. It would just be convenient to use this ID.

Thanks again for your help