Wednesday, May 18, 2005

interconnecting asp and asp.net sessions

Recently I came across an interesting situation, I needed to synchronize asp and asp.net sessions(our application is a combination of old asp and new asp.net code).

The asp.net session timeout can be configured in web.config file, and after the specified timeout period elapses, session is being terminated - asp.net session not asp. In order to access the asp session variables, when asp.net session is terminated - I crafted web request that was sent to special asp file. In this file script cleans up session variables and the whole asp app thinks that its session is terminated.

The trick here was that all the cookies, that were created in the session, had to be present in the http request header. Asp page discovers its state using these cookies.

P.S. in the asp script to which the request will be sent it is necessary to compare the host that issued the request and local address - they must be the same. If not performing this check, this will leave security breach in the web app

2 comments:

  1. Hello,

    Just thought I would check out your blog.
    I am new to blogging. I hope you don't mind me posting to your blog. If you are interested in checking out my blog and making a post that would be great.

    I have a hosting linux site web site/blog. It pretty much covers ##WEB HOSTING## related stuff.


    Thanks,
    Ed

    ReplyDelete
  2. Hello,

    Just thought I would check out your blog.
    I am new to blogging. I hope you don't mind me posting to your blog. If you are interested in checking out my blog and making a post that would be great.

    I have a affordable hosting plan web site/blog. It pretty much covers ##WEB HOSTING## related stuff.


    Thanks,
    Ed

    ReplyDelete