You can do this using the SessionIdManagerclass:

您可以使用SessionIdManager类执行此操作：

SessionIDManager manager = new SessionIDManager();

string newID = manager.CreateSessionID(Context);
bool redirected = false;
bool isAdded = false;
manager.SaveSessionID(Context, newID, out redirected, out isAdded);

[Code sample is from Anas Ghanem's article]

[代码示例来自Anas Ghanem 的文章]

you can use

您可以使用

SessionIDManager.CreateSessionID Method :returns a unique session identifier that is a randomly generated number encoded into a 24-character string.

SessionIDManager.CreateSessionID Method :返回一个唯一的会话标识符，它是一个随机生成的数字，编码为 24 个字符的字符串。

Code

代码

SessionIDManager Manager = new SessionIDManager(); 
string NewID = Manager.CreateSessionID(Context); 
string OldID = Context.Session.SessionID;
bool redirected = false;
bool IsAdded = false;
Manager.SaveSessionID(Context, NewID,out redirected, out IsAdded);

Here you can find full detail about hsi : Changing the session ID programmatically.

您可以在此处找到有关 hsi 的完整详细信息：以编程方式更改会话 ID。

I assume this is security related? Will a Session.Clear()or Session.Abandon()work for you? This is a good SO linkrelated to those methods.

我认为这与安全有关？请问一个Session.Clear()或Session.Abandon()对你的工作？ 这是与这些方法相关的一个很好的 SO 链接。

Otherwise, it is difficult because the ASP.NET session cookie is already on the user's browser. You might not have confidence that the session was truly changed.

否则，这很困难，因为 ASP.NET 会话 cookie 已经在用户的浏览器上。您可能不确信会话确实已更改。

yes it is possible to generate new ID for the session. below is one example

是的，可以为会话生成新的 ID。下面是一个例子

SessionState.SessionIDManager Manager = new SessionState.SessionIDManager(); 
string NewID = Manager.CreateSessionID(Context); 
string OldID = Context.Session.SessionID; 

bool IsAdded = false; 
Manager.SaveSessionID(Context, NewID, false, IsAdded); 

Response.Write("Old SessionId Is : " + OldID); 
if (IsAdded) { 
    Response.Write("<br/> New Session ID Is : " + NewID); 
} 
else { 
    Response.Write("<br/> Session Id did not saved : "); 
} 

The ASP.Net session management infrastructure does not expose a supported way to change your session id during the handling of a request. If writing supported code is important to you, there are several things to be aware of with the accepted answer.

ASP.Net 会话管理基础结构不公开在处理请求期间更改会话 ID 的受支持方式。如果编写受支持的代码对您很重要，那么接受的答案有几件事情需要注意。

• Both CreateSessionIDand SaveSessionIDare marked"This method is not intended to be called from application code".
• The SessionID provider is a pluggable type (see e.g. Implementing a custom SessionIDManager), so at the very least you would need to instantiate the correct type.
• The session state attached to the HttpContextwill remain associated with the initial session id, so anything you put in the session state bag will appear to be lost. Since there isn't anything you can do with the session once you've changed your id, it's kind of pointless to change your id this way.

• 既CreateSessionID和SaveSessionID被标记为“这个方法不旨在被从应用程序代码被称为”。
• SessionID 提供程序是一种可插入类型（参见例如实现自定义 SessionIDManager），因此至少您需要实例化正确的类型。
• 附加到 的会话状态HttpContext将保持与初始会话 ID 相关联，因此您放入会话状态包中的任何内容都将丢失。由于一旦您更改了 ID，您就无法对会话进行任何操作，因此以这种方式更改您的 ID 是毫无意义的。

Unfortunately, there isn't a supported way to do this without a round-trip. What you need to do is to wipe the session state cookie when you generate the login form. When the user submits the form back, the framework will call into the SessionIDManagerto generate a new one. Wiping the session cookie correctly is slightly more complicated than most of the code samples show. The cookie name is another parameter configurable in the web.config. You need to read it from the configuration by accessing the property:

不幸的是，没有往返的支持方法可以做到这一点。您需要做的是在生成登录表单时擦除会话状态 cookie。当用户提交表单时，框架会调用SessionIDManager生成一个新表单。正确擦除会话 cookie 比大多数代码示例显示的要复杂一些。cookie 名称是另一个可在 web.config 中配置的参数。您需要通过访问属性从配置中读取它：

((System.Web.Configuration.SessionStateSection)ConfigurationManager.GetSection("system.web/sessionState")).CookieName

The session id cookie is not scoped to the application, so if there are two applications installed on the same server it's often desirable to have them use different cookie names, so this is required more commonly than you might think.

会话 id cookie 的范围不限于应用程序，因此如果在同一服务器上安装了两个应用程序，通常需要让它们使用不同的 cookie 名称，因此这比您想象的更常见。