Persist Session from ASP.NET to PHP

Question

I have an ASP.NET login form which creates a session when successfully logged in. It uses POST.

I'd like to retrieve this session data in the PHP end but unsure how to achieve this.

The session name is 'CUSTOMER_LOGGED_IN'.

I use 'session_start()' in the header of my PHP template to persist the session, which it does , but I'm unsure how to then display the session data in my PHP template.

Can anyone assist?

Many thanks for any pointers.

Answer 1

As thenetimp mentioned, you can't access the session directly. An alternative to cookies or filesystem is a database since you don't need to store any data client side and you don't need to deal with reading/writing files to the file system.

This question has some other good solutions.

Answer 2

You are missing the point that sessions are implemented by the server side language. The session management in asp.net will be different to the php implementation. You will need to devise some mechanism of sharing the session data, possibly through authentication cookies and a shared server side session store.

You are going to need to find a way to tell asp.net and php what session token the user has. In theory you would

• Log the user in on asp.net. You could use the session mecahnisms built into asp.net or do it all manually. Sessions are just data stores tied to a client with some tokens. So your session initialisation will give you some authentication tokens which need to be available on the client side as cookies.
• Store the session data in a place where both the php and asp.net implementations can access it, using the session id to index it.
• Pass the tokens back up to the php implementation (through client side cookies)
• Load the data from the shared session store manually or by customising the session mechanisms in php

I'll have to admit this is not easy. Either way I think it is some effort to share this information. I understand more about php than I do about asp.net but the concepts translate. In php you can use the session_set_save_handler() functionality to overide how sessions work. This will allow you to store and retrieve sessions from a database which is essentialy what you would be doing.

On shared hosts I have often stored sessions in the database for security purposes. Ideally you don't want to be contacting a remote database on every request if you can avoid it, which is why I only use it for administrative backend features with very few users. There are a few tutorials floating around on how to achieve this which can be customised to use different saving mechanisms

See:

http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/

You might also consider encrypting all of the session data you want on the asp.net side, storing this data on the client side as a cookie, and then have the php create its own session by decrypting the encrypted cookie. You have to be careful with these sort of approaches and it should certainly be over https for both the php and and asp.net access.

You haven't mentioned anything about domains at all. If you are looking to authenticate on a remote location this is sort of similar to CAS authentication.

I hope this is somewhat helpful, at least in pointing out what you are aiming to do. Perhaps someone who has already done this will be able to offer more specific advice.

Answer 3

ASP and PHP stor sessions differently so you can't access them directly. You could encrypt the session data in a cookie and pass the cookie to php using a shard secret.

The only other way is if they share a filesystem you'd write to the file system with ASP and then read it with PHP but that can get messy if both sides need to write to the same session data. so I don't really recommend that in that case.

Answer 4

最好的选择是proc会话，它将会话信息存储在ASP.NET和PHP都可以访问的外部存储（例如sql数据库）中。