PHP with ASP Sessions

Anon

I'm installing a PHP applictation as an additional module to an exising ASP site.

I need users to be able to logon to the ASP site, and then to be able use the PHP app without re-authenticating.

The ASP site uses ASP session, but only to store the session variable. Other session data is stored in a database.

Appreciate any hints on how to do this.

Thanks

Anon

From an actual session standpoint its impossible. You could always pass the session id through via querystring and store all the info for that session from asp in a db then have the PHP app check the db to see if the session id being passed is truely authenticated. Use global.asa's Session_OnEnd to delete that session id from the db. You might even consider upgrading to ASP.NET as it has one liner code session handling via db, or just convert your existing ASP app to PHP, but sometimes that isn't always a time efficent activity in the 'real' world.

Anon

Thanks, the session data is stored in a db, so if I try your idea of passing the session id in a query string then I should be able to bluff some sort of peristence.

Thanks for the good advice.

Anon

Be careful when you do. Remember that if you pass this information in a querystring or even through a form that this information is sent plain text. Someone could easily just pass the same information.

You may want to consider encrypting the querystring and including an encrypted date/time as well. You could then decrypt it on the PHP side, compare the date/time to make sure it's within a valid time frame (say 30 secs or so) and then check the DB to ensure that this user has access.

Good luck!

-M