There are many valid reasons for wanting to have a classic ASP web application and an ASP.NET application share the same session. You may be migrating a large one over to ASP.NET and need to convert it in stages. You may be tasked with adding a new ASP.NET module to an existing ASP page. However, sending ASP session variables to the end user's web browser through forms or cookies is a major security concern. It exposes the inner workings of the ASP application to the web clients.
In researching how to accomplish it, I came across [link http://searchvb.techtarget.com/tip/1,289483,sid8_gci951935,00.html]this post[/link] which details a secure way to get your ASP session variables into your ASP.NET application. What you basically do is write a new ASP page which receives a request for a session variable and returns it. It will only respond to requests from the local machine. Then you write an ASP.NET class which sends the request to the ASP page. The example was given in C#, but my company wants everything in VB, so I converted it.
Here is the code for the ASP page you will create. Name it "SessionVar.asp".
Code:
<%
Dim sT
if Request.ServerVariables("REMOTE_ADDR") = Request.ServerVariables("LOCAL_ADDR") Then
sT = Request("SessionVar")
if Trim(sT) <> "" Then
Response.Write Session(sT)
End If
End If
%>
Next, in your ASP.NET application, create a new class. Here is the code for the class:
Code:
Imports Microsoft.VisualBasic
Imports System.Net
Imports System.IO
Public Class ASPSessionVar
Dim oContext As HttpContext
Dim ASPSessionVarASP As String
Public Function GetSessionVar(ByVal ASPSessionVar As String) As String
Dim ASPCookieName As String = ""
Dim ASPCookieValue As String = ""
If Not (GetSessionCookie(ASPCookieName, ASPCookieValue)) Then
Return ""
End If
Dim myRequest As HttpWebRequest = CType(WebRequest.Create(ASPSessionVarASP + "?SessionVar=" + ASPSessionVar), HttpWebRequest)
myRequest.Headers.Add("Cookie: " + ASPCookieName + "=" + ASPCookieValue)
Dim myResponse As HttpWebResponse = CType(myRequest.GetResponse(), HttpWebResponse)
Dim receiveStream As Stream = myResponse.GetResponseStream()
Dim encode As System.Text.Encoding = System.Text.Encoding.GetEncoding("utf-8")
Dim readStream As StreamReader = New StreamReader(receiveStream, encode)
Dim sResponse As String = readStream.ReadToEnd()
myResponse.Close()
readStream.Close()
GetSessionVar = sResponse
End Function
Private Function GetSessionCookie(ByRef ASPCookieName As String, ByRef ASPCookieValue As String) As Boolean
ASPCookieName = ""
ASPCookieValue = ""
For Each myCookie As String In oContext.Request.Cookies
If myCookie.StartsWith("ASPSESSION") Then
ASPCookieName = myCookie
ASPCookieValue = oContext.Request.Cookies(myCookie).Value
Return True
End If
Next
Return False
End Function
Public Sub New(ByRef oInContext As HttpContext)
oContext = oInContext
ASPSessionVarASP = "SessionVar.asp"
Dim oURL As System.Uri = oContext.Request.Url
ASPSessionVarASP = oURL.Scheme & "://" & oURL.Host & ":" & oURL.Port.ToString() & "/" & ASPSessionVarASP
End Sub
End Class
Now, to read an ASP session variable from your ASP.NET application, just create an instance of the ASPSessionVar class and call its GetSessionVar() method. Here's a simple example:
Code:
Dim MyVar as ASPSessionVar = New ASPSessionVar(HttpContext.Current)
Dim username As String = MyVar.GetSessionVar("username")
Note: This code works with ASP.NET version 2.0.50727.210 with .NET Framework version 2.0.50272.42. It should work fine with others, but this is the only one I've tested it on.
