How to Share Sessions Between PHP and ASP.NET Application

How to share sessions between PHP and ASP.net application?

I want to tell you, how I ended up doing it.

Both applications access a MySQL database and access a "session" table, which consists of a Guid, the ID of the user, and a confirmationString (I guess I encoded the IDUser in it, somehow) and a date.

Sessions are only started by the PHP application (due to the fact, that the PHP application is still the main application). A new session will result in a new entry in the log table. Every link in the PHP application, that links to the ASP.Net application contains GET-Parameters, containing the Guid etc.

The ASP.net application checks for the GET-Parameters and sets the IDUser in the ASP.Net Session, if the GET-Parameters point to an existing session.

The links pointing back to the PHP application use the same technique.

(There are also other things to consider, like timeouts or logouts, but that can be handled as well)

All in all, I'd say that my approach is useful and none of the customers complained since the deployment (over 1 year ago)

Share sessions between .aspx and .php on an IIS server

I have not practically tested this, but I think this is what you are looking for: How to Share Session State

Also refer to this question How to share sessions between PHP and ASP.net application?

The basic idea is that you store SESSION parameters in a database table and different apps check if those SESSION values exist.

Sharing session data between ASP.NET and PHP

Use a cookie and a database. The cookie contains some unique ID for that session, which you store in the database. Nothing specific to asp.net or php about cookies. Either app can obtain the key from the cookie, and look up the session info in the database.

Persist Session from ASP.NET to PHP

Your best bet is out of proc session that stores session information in an external storage such as sql database that both ASP.NET and PHP will have access.

Passing sessions or authentication state between PHP and ASP.Net

Read this article from Microsoft on sharing session state between classic ASP and ASP.NET:

http://msdn.microsoft.com/en-us/library/aa479313.aspx

Conceptually, I think this is pretty similar to what you're trying to do, though I don't know just how helpful the above document will be to your specific case. Definitely worth a look though.

Share login between PHP and ASP Classic (VBScript)

The best answer I've been able to find for this issue was the following. Specific to sharing a login between Classic ASP and ASP.net, but the methodology is exactly the same:

As you probably already know, classic asp and asp.net cannot share the
same session state, so you do need to have a mechanism to log from one
into the other.

What I would do is: when someone logs in, create a unique GUID that
you save in the database for that user. When you jump from one site to
the other, pass that GUID into the query string. When you try to
auto-log them into the other site, look up that GUID and see if it's
attached to anyone. If it is, log them in.

This way you aren't passing anything that a user could guess or
decrypt.

Additionally, it's smart to add a timestamp to the database as well; and the GUID should only be valid for a second or two. Log in on the PHP end, then flip over to ASP and check the GUID.

Not totally secure, but appears to be about as secure as I'm going to find.

source: https://stackoverflow.com/a/921575/339440

Edit to add: per comments, also record the user's IP address to the database and compare it on the ASP side. No teleporting allowed!

CORRECTION: In this case "GUID" is a misnomer. What you need here is a random string of characters, not a GUID. A GUID is a semi-random construct with one of a handful of specific formats, and is not applicable here.

---

Related Topics