Menu
In a previous job we had a classic ASP application that no one wanted to migrate to ASP.NET. The things that it did, it did very well.
However there was some new functionality that needed to be added that just seemed best suited to ASP.NET. The decision was made to allow the system to become a weird hybrid of ASP and ASP.NET.
Our biggest sticking point was session management and we hacked together a solution to pass session values through form variables. I've talked to others that handled this same problem through cookies.
Both methods seem a horrible kluge (in addition to being terribly insecure).
Is there a better or cleaner way or is this just such a bad idea to begin with that discussion on the topic is pointless?
887
No. ASP or also popularly known as Classic ASP developed by Microsoft is first Server-side scripting engine which is used for dynamic generation of web pages. ASP.NET, on the other hand, is a server-side web framework, open-source, which is designed for the generation of dynamic web pages.
Active Server Pages (ASP) support in Windows - Internet Information Services | Microsoft Learn. This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
NET class that creates a request containing the ASP Session cookie and sends it to an ASP page to retrieve the ASP Session variable and an ASP page that authenticates the request and returns the Session variable, you can share Session state between ASP.NET and ASP apps.
ASP Classic is comprised of VBScript or JavaScript interpreted at run-time which means each page has a specific performance hit doe to line by line interpretation. The interpretation of the pages simply results in some inefficiency. ASP.NET however compiles the code the first time it is accessed.
Can you not persist session data to a serverside data store? ie XML file, database etc. You could then pass just a hash (calculated based on some criteria that securely identifies the session) to a .NET page which can the pick the data up from the data store using this identifier and populate your session data. It still means having to pass requests from ASP to ASP.NET through a proxy each time to ensure the latest session data is available in each app but I don't know of an alternative way to achieve this I'm afraid.
176
I have had to deal with the same problem. In my case, I encrypted a key into a cookie and used the database for any other information. I wrote the encryption in .NET and inter-op'd to decrypt the id on the ASP side. There is some weirdness dealing with base-64 string in that ASP will not get the same string as .NET, so you may have to do as I did and rewrite the base-64 string to hex equivalent or some similar lowest-common-denominator tactic. It is relatively secure (save a XSS attack).
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
