简体繁体 English

从ASP.NET到PHP的持久会话

[英]Persist Session from ASP.NET to PHP

原文 2012-02-08 18:37:55 8 4 php/ asp.net/ session/ cookies

I have an ASP.NET login form which creates a session when successfully logged in. It uses POST. 我有一个ASP.NET登录表单，该表单在成功登录后会创建一个会话。它使用POST。

I'd like to retrieve this session data in the PHP end but unsure how to achieve this. 我想在PHP端检索此会话数据，但不确定如何实现。

The session name is 'CUSTOMER_LOGGED_IN'. 会话名称为“ CUSTOMER_LOGGED_IN”。

I use 'session_start()' in the header of my PHP template to persist the session, which it does , but I'm unsure how to then display the session data in my PHP template. 我在PHP模板的标头中使用'session_start（）'来持久化会话， 它确实做到了 ，但是我不确定如何在PHP模板中显示会话数据。

Can anyone assist? 有人可以协助吗？

Many thanks for any pointers. 非常感谢您的指导。

4 个解决方案

As thenetimp mentioned, you can't access the session directly. 正如thenetimp所提到的，您不能直接访问该会话。 An alternative to cookies or filesystem is a database since you don't need to store any data client side and you don't need to deal with reading/writing files to the file system. Cookie或文件系统的替代方法是数据库，因为您不需要存储任何数据客户端，也不需要处理将文件读/写到文件系统中。

This question has some other good solutions. 这个问题还有其他一些好的解决方案。

You are missing the point that sessions are implemented by the server side language. 您错过了由服务器端语言实现会话的要点。 The session management in asp.net will be different to the php implementation. asp.net中的会话管理将与php实现不同。 You will need to devise some mechanism of sharing the session data, possibly through authentication cookies and a shared server side session store. 您将需要设计一些共享会话数据的机制，可能通过身份验证cookie和共享的服务器端会话存储。

You are going to need to find a way to tell asp.net and php what session token the user has. 您将需要找到一种方法来告诉asp.net和php用户具有什么会话令牌。 In theory you would 理论上你会

Log the user in on asp.net. 在asp.net上登录用户。 You could use the session mecahnisms built into asp.net or do it all manually. 您可以使用内置在asp.net中的会话机制，也可以手动完成所有任务。 Sessions are just data stores tied to a client with some tokens. 会话只是通过一些令牌绑定到客户端的数据存储。 So your session initialisation will give you some authentication tokens which need to be available on the client side as cookies. 因此，您的会话初始化将为您提供一些身份验证令牌，这些身份验证令牌需要在客户端以cookie的形式提供。
Store the session data in a place where both the php and asp.net implementations can access it, using the session id to index it. 使用会话ID为会话建立索引，将会话数据存储在php和asp.net实现都可以访问它的地方。
Pass the tokens back up to the php implementation (through client side cookies) 将令牌传递回php实现（通过客户端cookie）
Load the data from the shared session store manually or by customising the session mechanisms in php 手动或通过自定义php中的会话机制从共享会话存储中加载数据

I'll have to admit this is not easy. 我不得不承认这并不容易。 Either way I think it is some effort to share this information. 无论哪种方式，我认为共享这些信息都是一种努力。 I understand more about php than I do about asp.net but the concepts translate. 我对php的了解比对asp.net的了解要多，但是这些概念可以翻译。 In php you can use the session_set_save_handler() functionality to overide how sessions work. 在php中，您可以使用session_set_save_handler（）功能来覆盖会话的工作方式。 This will allow you to store and retrieve sessions from a database which is essentialy what you would be doing. 这将允许您从数据库中存储和检索会话，这对您的工作至关重要。

On shared hosts I have often stored sessions in the database for security purposes. 在共享主机上，出于安全目的，我经常将会话存储在数据库中。 Ideally you don't want to be contacting a remote database on every request if you can avoid it, which is why I only use it for administrative backend features with very few users. 理想情况下，如果可以避免的话，您不想在每个请求上都与远程数据库联系，这就是为什么我只将其用于很少用户的管理后端功能。 There are a few tutorials floating around on how to achieve this which can be customised to use different saving mechanisms 有一些关于如何实现此目标的教程，可以定制以使用不同的保存机制

See: 看到：

http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/ http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/

You might also consider encrypting all of the session data you want on the asp.net side, storing this data on the client side as a cookie, and then have the php create its own session by decrypting the encrypted cookie. 您可能还考虑在asp.net端对所需的所有会话数据进行加密，将这些数据作为cookie存储在客户端，然后让php通过解密加密的cookie来创建自己的会话。 You have to be careful with these sort of approaches and it should certainly be over https for both the php and and asp.net access. 您必须谨慎使用这些方法，并且对于php和asp.net访问来说，都应该通过https进行。

You haven't mentioned anything about domains at all. 您根本没有提及任何有关域的信息。 If you are looking to authenticate on a remote location this is sort of similar to CAS authentication. 如果要在远程位置上进行身份验证，则类似于CAS身份验证。

I hope this is somewhat helpful, at least in pointing out what you are aiming to do. 我希望这对您有所帮助，至少可以指出您的目标。 Perhaps someone who has already done this will be able to offer more specific advice. 也许已经这样做的人将能够提供更具体的建议。

ASP and PHP stor sessions differently so you can't access them directly. ASP和PHP stor会话不同，因此您不能直接访问它们。 You could encrypt the session data in a cookie and pass the cookie to php using a shard secret. 您可以使用cookie加密会话数据并将cookie传递给php。

The only other way is if they share a filesystem you'd write to the file system with ASP and then read it with PHP but that can get messy if both sides need to write to the same session data. 唯一的其他方法是，如果它们共享您将使用ASP写入文件系统然后使用PHP读取文件系统的文件系统，但是如果双方都需要写入相同的会话数据，则可能会变得混乱。 so I don't really recommend that in that case. 因此，我不建议您这样做。

最好的选择是proc会话，它将会话信息存储在ASP.NET和PHP都可以访问的外部存储（例如sql数据库）中。