There are many valid reasons for wanting to have a classic ASP web application and an ASP.NET application share the same session. You may be migrating a large one over to ASP.NET and need to convert it in stages. You may be tasked with adding a new ASP.NET module to an existing ASP page. However, sending ASP session variables to the end user's web browser through forms or cookies is a major security concern. It exposes the inner workings of the ASP application to the web clients.
In researching how to accomplish it, I came across this post which details a secure way to get your ASP session variables into your ASP.NET application. What you basically do is write a new ASP page which receives a request for a session variable and returns it. It will only respond to requests from the local machine. Then you write an ASP.NET class which sends the request to the ASP page. The example was given in C#, but my company wants everything in VB, so I converted it.
Here is the code for the ASP page you will create. Name it "SessionVar.asp".
<% Dim sT if Request.ServerVariables("REMOTE_ADDR") = Request.ServerVariables("LOCAL_ADDR") Then sT = Request("SessionVar") if Trim(sT) <> "" Then Response.Write Session(sT) End If End If %>
Next, in your ASP.NET application, create a new class. Here is the code for the class:
Public Class ASPSessionVar Dim oContext As HttpContext Dim ASPSessionVarASP As String Public Function GetSessionVar(ByVal ASPSessionVar As String) As String Dim ASPCookieName As String = "" Dim ASPCookieValue As String = "" If Not (GetSessionCookie(ASPCookieName, ASPCookieValue)) Then Return "" End If
Dim myRequest As HttpWebRequest = CType(WebRequest.Create(ASPSessionVarASP + "?SessionVar=" + ASPSessionVar), HttpWebRequest) myRequest.Headers.Add("Cookie: " + ASPCookieName + "=" + ASPCookieValue)
Dim myResponse As HttpWebResponse = CType(myRequest.GetResponse(), HttpWebResponse) Dim receiveStream As Stream = myResponse.GetResponseStream() Dim encode As System.Text.Encoding = System.Text.Encoding.GetEncoding("utf-8") Dim readStream As StreamReader = New StreamReader(receiveStream, encode) Dim sResponse As String = readStream.ReadToEnd()
myResponse.Close() readStream.Close() GetSessionVar = sResponse End Function
Private Function GetSessionCookie(ByRef ASPCookieName As String, ByRef ASPCookieValue As String) As Boolean
ASPCookieName = "" ASPCookieValue = "" For Each myCookie As String In oContext.Request.Cookies If myCookie.StartsWith("ASPSESSION") Then ASPCookieName = myCookie ASPCookieValue = oContext.Request.Cookies(myCookie).Value Return True End If Next Return False End Function
Public Sub New(ByRef oInContext As HttpContext) oContext = oInContext ASPSessionVarASP = "SessionVar.asp"
Dim oURL As System.Uri = oContext.Request.Url ASPSessionVarASP = oURL.Scheme & "://" & oURL.Host & ":" & oURL.Port.ToString() & "/" & ASPSessionVarASP End Sub End Class
Now, to read an ASP session variable from your ASP.NET application, just create an instance of the ASPSessionVar class and call its GetSessionVar() method. Here's a simple example:
Dim MyVar as ASPSessionVar = New ASPSessionVar(HttpContext.Current) Dim username As String = MyVar.GetSessionVar("username")
Note: This code works with ASP.NET version 2.0.50727.210 with .NET Framework version 2.0.50272.42. It should work fine with others, but this is the only one I've tested it on.