
ASP.NET can save the session to a database automatically. Is there any way to save the session to a database in Classic ASP?

I need to share the session between ASP.NET and Classic ASP by using the database. If Classic ASP doesn't support this function, is there any other method to simulate this?

Roy Wong

1 Answer


What are you using the session state for? Is it to store data and for example keep a user logged in across various pages?

You can store session information in the database but you need a way of tying the different session states together.

One way you can keep track of a user's "session" is by using your own cookie that can be read from ASP Classic code and ASP.NET code. You can set the cookie's expiry date to control how long the user is kept logged in for before needing to re-authenticate. You can use that cookie to store user id information and any other relevant information you might have stored in session state specific to a user.

ASP Classic code for setting a cookie:

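' HTTPSConnection, theName, theValue, cookieDomainName and cookieExpiry are set earlier in the page
If HTTPSConnection Then
    ' Secure is a valueless flag: the browser only returns the cookie over HTTPS
    Response.AddHeader "Set-Cookie", theName & "=" & theValue & "; path=/; HttpOnly; Secure; Domain=" & cookieDomainName & "; Expires=" & cookieExpiry
Else
    Response.AddHeader "Set-Cookie", theName & "=" & theValue & "; path=/; HttpOnly; Domain=" & cookieDomainName & "; Expires=" & cookieExpiry
End If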

Make sure you set your "HttpOnly" flag on the cookie(s) to help protect against XSS, MITM and cookie hijack attacks. You could also consider encrypting the data stored in the cookie.

You can loop through the ASP Classic IIS session objects using code like:

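For Each ss In Session.Contents
    ' Contents can hold objects, which cannot be written out as text
    If IsObject(Session.Contents(ss)) Then
        Response.Write Server.HTMLEncode(ss) & ": (object)<br/>"
    Else
        ' HTML-encode so stored values cannot inject markup into the page
        Response.Write Server.HTMLEncode(ss & ": " & Session.Contents(ss)) & "<br/>" 'writes out the session contents
    End If
Next

For Each so In Session.StaticObjects
    ' StaticObjects are objects declared in global.asa, so write out their names
    Response.Write Server.HTMLEncode(so) & "<br/>" 'writes out the session objects
Next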
Andy Davies
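
One way to tie the two session states together through the database, as an added example that is not part of the answer above: the cookie carries only an opaque random token, and both applications call the same stored procedures with it. It assumes SQL Server, which the page does not state, and the table and procedure names are hypothetical.

```sql
-- Added example: assumes SQL Server; all object names are hypothetical.
-- The cookie holds only a random token; user data stays server-side.
CREATE TABLE dbo.SharedSession (
    TokenHash  BINARY(32)    NOT NULL PRIMARY KEY, -- SHA-256 of the cookie token
    UserId     INT           NOT NULL,
    Data       NVARCHAR(MAX) NULL,                 -- e.g. JSON both apps can parse
    ExpiresUtc DATETIME2(0)  NOT NULL
);
GO

-- Called at login by either application; @Token is the value to put in the cookie.
CREATE PROCEDURE dbo.SharedSession_Create
    @UserId INT, @Data NVARCHAR(MAX), @TtlMinutes INT, @Token CHAR(64) OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @raw VARBINARY(32) = CRYPT_GEN_RANDOM(32);  -- 256 bits from the CSPRNG
    SET @Token = CONVERT(CHAR(64), @raw, 2);            -- hex string, no 0x prefix
    -- Only the hash is stored, so a database read does not expose live tokens.
    INSERT dbo.SharedSession (TokenHash, UserId, Data, ExpiresUtc)
    VALUES (HASHBYTES('SHA2_256', @Token), @UserId, @Data,
            DATEADD(MINUTE, @TtlMinutes, SYSUTCDATETIME()));
END
GO

-- Called on every request by either application with the cookie value.
CREATE PROCEDURE dbo.SharedSession_Get
    @Token CHAR(64), @SlideMinutes INT
AS
BEGIN
    SET NOCOUNT ON;
    -- Slide the expiry and return the row in one statement; expired rows never match.
    UPDATE dbo.SharedSession
    SET    ExpiresUtc = DATEADD(MINUTE, @SlideMinutes, SYSUTCDATETIME())
    OUTPUT inserted.UserId, inserted.Data, inserted.ExpiresUtc
    WHERE  TokenHash = HASHBYTES('SHA2_256', @Token)
      AND  ExpiresUtc > SYSUTCDATETIME();
END
GO

-- Logout; also clears any rows that have already expired.
CREATE PROCEDURE dbo.SharedSession_Delete @Token CHAR(64)
AS
    DELETE dbo.SharedSession
    WHERE  TokenHash = HASHBYTES('SHA2_256', @Token)
       OR  ExpiresUtc <= SYSUTCDATETIME();
GO
```

Both applications should pass the cookie value as a bound parameter (an ADODB.Command parameter in Classic ASP, a SqlParameter in ASP.NET) and treat an empty result set from `SharedSession_Get` as "not logged in".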