Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to access ASP classic session variable from PHP?

I have a login protected back office website written in ASP classic running on Windows. Login status is stored in a session variable. I also have a PHP page that should be accessible only to logged in users. How do I check in PHP that the client is logged in to this website?

P.S. There may be multiple users accessing the page at the same time.

like image 665
Yury Fedorov Avatar asked Jan 06 '23 03:01

Yury Fedorov


2 Answers

By assuming both PHP and ASP applications share the same domain name, here's a step by step guide.

1 - Create an asp file named sessionConnector.asp.

2 - In sessionConnector.asp, serialize the Session.Contents object into a format that PHP can deserialize, JSON for example. You can use JSON.asp from aspjson.

<%@Language=VBScript CodePage=65001%>
<!--#include file="JSON.asp"-->
<%
Set JSONObject = jsObject()

For Each Key In Session.Contents
    If Not IsObject(Session.Contents(Key)) Then 'skip the objects cannot be serialized
        JSONObject(Key) = Session.Contents(Key)
    End If
Next

JSONObject.Flush
%>

3 - Create a PHP function named GetASPSessionState().

4 - In GetASPSessionState(), make an HTTP request for sessionConnector.asp by specifying the Cookie header filled with $_SERVER["HTTP_COOKIE"] which must contains identifier of the ASP Session, so ASP can identify the user and the response will vary by user.

5 - After fetching the response (string of JSON), deserialize by using json_decode and look for the ASP session variable.

function GetASPSessionState(){
    if(stripos($_SERVER["HTTP_COOKIE"], "ASPSESSIONID") === false){
        # since ASP sessions stored in memory 
        # don't make request to get ASP session state if the cookie does not contain ASPSESSIONID
        # otherwise IIS will create new redundant sessions for each of your checks so it wouldn't be a memory-friendly way
        # returning an empty array
        return array();
    } else {
        $options = array('http' => 
            array('method'=>"GET", 'header' => "Cookie: " . $_SERVER["HTTP_COOKIE"])
        );
        $cx = stream_context_create($options);
        $response = file_get_contents("http://mywebsite.com/sessionConnector.asp", false, $cx);
        return json_decode($response, JSON_FORCE_OBJECT);
    }
}

$aspSessionState = GetASPSessionState();
if($aspSessionState["IsLoggedIn"] == true){
    //user previously logged in with the ASP
}
like image 141
Kul-Tigin Avatar answered Jan 08 '23 15:01

Kul-Tigin


My solution was to auto-submit a webform which works both ways regardless of whether PHP to ASP or ASP to PHP.

On the leading page simply add an OnLoad to the body tag like so:

<body onload="document.xxx.submit()">

Where "xxx" is the is the ID of your form that contains the hidden fields that you want to pass. For example:

<form id="xxx" action="example.asp" method="post">

This will work locally and across domains.

like image 44
WilliamK Avatar answered Jan 08 '23 17:01

WilliamK