Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Microsoft: ASP.NET FAQ

Session State

A secure way to read ASP session variables from ASP.NET by chpicker
Posted: 12 Oct 07

There are many valid reasons for wanting to have a classic ASP web application and an ASP.NET application share the same session.  You may be migrating a large one over to ASP.NET and need to convert it in stages.  You may be tasked with adding a new ASP.NET module to an existing ASP page.  However, sending ASP session variables to the end user's web browser through forms or cookies is a major security concern.  It exposes the inner workings of the ASP application to the web clients.

In researching how to accomplish it, I came across this post which details a secure way to get your ASP session variables into your ASP.NET application.  What you basically do is write a new ASP page which receives a request for a session variable and returns it.  It will only respond to requests from the local machine.  Then you write an ASP.NET class which sends the request to the ASP page.  The example was given in C#, but my company wants everything in VB, so I converted it.

Here is the code for the ASP page you will create.  Name it "SessionVar.asp".


  Dim sT
  if Request.ServerVariables("REMOTE_ADDR") = Request.ServerVariables("LOCAL_ADDR") Then
    sT = Request("SessionVar")
    if Trim(sT) <> "" Then
      Response.Write Session(sT)
    End If
  End If

Next, in your ASP.NET application, create a new class.  Here is the code for the class:


Imports Microsoft.VisualBasic
Imports System.Net
Imports System.IO

Public Class ASPSessionVar
    Dim oContext As HttpContext
    Dim ASPSessionVarASP As String
    Public Function GetSessionVar(ByVal ASPSessionVar As String) As String
        Dim ASPCookieName As String = ""
        Dim ASPCookieValue As String = ""
        If Not (GetSessionCookie(ASPCookieName, ASPCookieValue)) Then
            Return ""
        End If

        Dim myRequest As HttpWebRequest = CType(WebRequest.Create(ASPSessionVarASP + "?SessionVar=" + ASPSessionVar), HttpWebRequest)
        myRequest.Headers.Add("Cookie: " + ASPCookieName + "=" + ASPCookieValue)

        Dim myResponse As HttpWebResponse = CType(myRequest.GetResponse(), HttpWebResponse)
        Dim receiveStream As Stream = myResponse.GetResponseStream()
        Dim encode As System.Text.Encoding = System.Text.Encoding.GetEncoding("utf-8")
        Dim readStream As StreamReader = New StreamReader(receiveStream, encode)
        Dim sResponse As String = readStream.ReadToEnd()

        GetSessionVar = sResponse
    End Function

    Private Function GetSessionCookie(ByRef ASPCookieName As String, ByRef ASPCookieValue As String) As Boolean

        ASPCookieName = ""
        ASPCookieValue = ""
        For Each myCookie As String In oContext.Request.Cookies
            If myCookie.StartsWith("ASPSESSION") Then
                ASPCookieName = myCookie
                ASPCookieValue = oContext.Request.Cookies(myCookie).Value
                Return True
            End If
        Return False
    End Function

    Public Sub New(ByRef oInContext As HttpContext)
        oContext = oInContext
        ASPSessionVarASP = "SessionVar.asp"

        Dim oURL As System.Uri = oContext.Request.Url
        ASPSessionVarASP = oURL.Scheme & "://" & oURL.Host & ":" & oURL.Port.ToString() & "/" & ASPSessionVarASP
    End Sub
End Class

Now, to read an ASP session variable from your ASP.NET application, just create an instance of the ASPSessionVar class and call its GetSessionVar() method.  Here's a simple example:


Dim MyVar as ASPSessionVar = New ASPSessionVar(HttpContext.Current)
Dim username As String = MyVar.GetSessionVar("username")
Note: This code works with ASP.NET version 2.0.50727.210 with .NET Framework version 2.0.50272.42.  It should work fine with others, but this is the only one I've tested it on.

Back to Microsoft: ASP.NET FAQ Index
Back to Microsoft: ASP.NET Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close