PHP / ASP Session variable problem

Hi, my problem is this .. im creating a website in asp and a few pages that i have are in php .. the site requires you to login, so i am using asp session variables to store the login info .. however, when i try to access these session variables with php i cannot seem to find them .. can anyone help?
ty .. paul (noob)

Why are you creating a site with php & asp? But, hey! I don't mind!
I've never used asp before but I think you can use cookies crossed between these two languages. I'm sure asp can handle cookies, so if you set them with asp, you can read them later on with php. Though it's a lot more easier to just keep it in one language.
If you never used cookies in php before, search php.net for $_SESSION. It's what you need to read a cookie. In combination with the explode() function you can easily store and read from your cookies.

Good luck!

Thanks, I don't really want to use cookies though. They're too insecure to be storing vital information in. Thanks for the input though

What info do you need to store then? Sending a password through a session is just as insecure. Just set a variable that the user has logged in together with the username and/or userid and save it in a cookie. The rest of the info you just pull from the database! I'm not really sure what you mean with 'vital information'. Can you explain?

Did you ever come up with a solution for this problem... I would love to know.

The best I could come up with was passing the variables in the url - totally unacceptable.

If nothing else I'd love to know why you need both asp and php?

-KM-

Hi there,

I haven't read up on this, but knowing how sessions work, you should NOT be able to share session information (at least easily) between PHP and ASP.

Clarification:

Sessions work like this: The session variables are stored SERVER SIDE and the only thing that a client stores is the SESSION ID in a cookie or in the URL. In other words, if I'm logged in to your site, I get a unique session id on my computer that I send to the server every time I want a page from your site. Your server looks up my session id, and gets the variables associated with my session from the server itself.. username, user id, whatever.

Since session variables (except the id) are stored server side, that means that they are stored within the hypertext preprocessor program.. whether it be php or asp. Thus, there is no way to access the session variables from php with asp or vice-versa, UNLESS one of the programs provides some sort of interface. I'm not sure if one of them does or not, but I'm guessing no, since that would be somewhat insecure if any program on your computer could ask for session variables with a session id.

Bottom line is, you can't share session variables b/w php and asp because there's nowhere to get them.. they're stored INSIDE php or asp (ie, not on the client) and you can't get to them with the other program.


Potential Fix:

You could store an identifying session variable in a cookie on the client, but that kind of mitigates the usefulness (and security) of sessions

Another, potentially painful, solution is to make a wrapper in whichever language contains the session code. For example, if your sessions are set up in PHP, and you want ASP to be able to use them, make a PHP wrapper code which gets the session variables, then calls the ASP script from within the PHP script with the appropriate variables. This will probably be too slow for high-volume applications.

Last thing I can think of is to re-write everything in one language


Hope that helped!

-peyton

PHP provides the set_session_handler function (its something like that) that allows you to specify your own functions for reading and writing session data. Via this you can store it in your own file format, use a database or whatever. However it is stored could then be accessed via ASP. Ie you could have a mysql database storing your session data, rewrite the session handler code for php to use it and then pull things out of there based on the session id that can just be passed to asp as a get argument.

-KM-