secure random numbers in asp.net

From what i know Random() is initialize to the current time. If two connections hit during the same second i should get the same two random numbers? With a large si开发者_运维技巧te that can be likely. Locking is bad so how should i solve it? note: the number is used for the session id.

-edit- i am stuck using a long. It feels wrong to shorten a 128bit GUID

Rather than using a random number from a call to Random(), use a Guid.NewGuid(). The chance of a duplicate is very, very small...

Using a GUID for a session ID is a common solution.

First, why do you need to create your own session id? Are you using SessionIDManager ? I would use the Guid.NewGuid() method like what is shown in in the example CreateSessionID . According to the documentation for Guid.NewGuid(), "The chance that the value of the new Guid will be all zeros or equal to any other Guid is very low."