Control PHP session in ASP.NET application

Question

I maintain an online application that use most of the pages in PHP, but some pages uses for a good reason ASP.NET. Users can login in the PHP part. Is there any option to control or a certain PHP session is active inside the ASP.NET page? Both pages are hosted on one server.

Answer 1

You could build a web service on the PHP side that would allow to perform that check.

You would then call that webservice from the ASP.NET application.

You have to be very very careful however. A service like that would have to be highly secured, because this could provide a way to session hi-jacking, since it provides a way to validate if a certain session exists or not.

You could secure it by only restricting allowed IP(s) or using a form of authentication.

There are different ways you can build webservice.

You could write it a simple page that just does whatever logic you want and then returns a result in JSON or XML (that's the lazy and ugly way of doing it). If you are using a particular framework, you could look to leverage that framework in order to add that service. All major frameworks have ways to do that (Symfony, Silex, Laravel, Yii, Zend, etc.). Zend Framework offers something called Apigility that makes building Restful webservices very easy.

Your ASP.net application, will also need to have a token coming from the PHP side, so it can be used to identify the session.

On the PHP side, you would need to store somewhere that the user is logged in.

This also can be done in different ways and depends on what you want to achieve.

For example, you could store in a database a timestamp along with a token indicating when was the last time you detected an activity from the user. Then, your webservice would check against that db for the token and see if the lastActivity timestamp has an adequate value (you would have to define what adequate means, eg not older than 30 minutes).