Session from ASP to PHP 1

[RemoteSilicon]

Hello
I am having a very complex situation here. I have created a few session variables on an ASP page on one site say "A Site". It is hosted on Windows 2000 Server. I want the next page to be a PHP page of another site hosted on a different server i.e Linux. I want to read the session variables on PHP page. How am I going to do that? Plz help

 

[mithrilhall]

You could pass them in the querystring if you wanted (I think).

 

[rycamor]

You might want to ask how session variables are saved in the ASP forum. PHP generally saves session variables the designated temp directory, and they are simply text files with serialized data. I don't know how ASP saves session vars.

Your best bet is probably to make your own "homegrown" session manager, which stores session keys and data in a database. Sessions are essentially a simple mechanism, so it shouldn't be too hard to do. As long as your variables are simple strings or numbers, it shouldn't be too difficult to save them from one environment and read them in another.

Here is a link to an article about customizing session handlers in PHP, to save to a database:

http://phpbuilder.com/columns/ying20000602.php3

I don't know if this kind of thing is necessarily the answer, since it will still serialize your variables as it writes them to the database. Also, as I said, I don't know if ASP offers the ability to directly interact with its session handling mechanism.

But, essentially, you can do it yourself. On the beginning side, just set a unique ID key with a good randomizing function, and save your server-side data associated with that ID. You can save it in a database table which stores ID keys and the variables, and then just have the other environment read from that database.

If you are trying to transfer complex variables, such as arrays, you will have a problem. You might want to try the WDDX library, because it offers ways to serialize variables accross programming environments. I have never used it, though, so I can't offer any real help there.

 

[RemoteSilicon]

Thanks for your detailed reply "rycamor". Do you know how I can tranfer session variable "A" created in ASP to on "Windows 2000 server" to access the value in another PHP page on another server i.e "Linux". I can't figure out the way plz. help

 

[rycamor]

You see, here we have a definite problem, because sessions are server-side data, with only an identifier being passed on the client side. It would be less of a problem if you were using ASP and PHP on the same server. Going from one to another means you need a way of transferring the variables themselves.

If these values are not too large, you could just place them on the querystring for the journey from one server to another, where they are then simply "handed over" to a new session created on that server. The only problem with this is security: if this is sensitive data, then passing it in plain text on the query string is a bad idea. You could come up with an encryption scheme of some sort, which, on the last page at your ASP site would pack the variables into an encrypted string with PGP, using the public key on the PHP server, so only that server could decrypt it. So then, on the PHP side, the server has a user come to the page, presenting a query string of encrypted data, which id decodes, and then sets a new session for that user, based on the data received, and sends the user onward.

If these session variables are too large to pass on the query string (I doubt it), then you could store the variables in a database on the ASP server, and give the PHP server access rights to that database. In that case, you would just pass along enough data to identify the user, and then, based on that data, query the remote database for the rest.

This may sound complicated, but each piece is just simple mechanics. Don't think in terms of passing a "session" to the other server, but of simply passing the relevant data, which can be used to create a new session on the other server.

In all of this, be careful, because you could be playing with a time bomb, securitywise. If you really aren't sure you understand how to preserve security, study it or ask advice, or even hire someone until you ARE sure.