-1

Maybe my understanding of a session is off, but isn't a session stored in the browser? More like, as long as the browser is open, the session should be active, right? (If you don't change the default behaviour).

We have multiple languages in our project, which we are trying to get rid off. Currently, 90% of our code is running in classic asp and will be replaced with PHP.

If I try to access my variables in the asp-part, it works fine:

<%= session("name") %>

This outputs "Jon" for instance.

If I try to get this output via PHP like so:

<? var_dump($_SESSION); ?>

i simply get NULL. Needlessly to say, that <?= $_SESSION["name"] ?> doesn't work as well, then.

I'm never leaving the site, only the paths are different:

mysite.com/default.asp works fine

mysite.com/phptest/session.php only returns NULL when trying to access the session. Why is that? Both languages are running on an IIS. Do I have to somehow tell PHP to access the existing session?

I'm fairly certain, that I combined accessing Session-Vars in PHP + JavaScript before and that worked fine.

DasSaffe
  • 2,080
  • 1
  • 28
  • 67
  • 2
    The session object is specific to Active Server Pages. If you have a mixed site that runs both PHP and ASP, you won't be able to use ASP session variables in your PHP pages. The objects and variables in Session are managed by ASP; the only thing the browser is involved with is keeping a reference to that session in a cookie. –  Jul 30 '19 at 06:13
  • @ChrisBE thanks for the explaination so far. So is there no way of retrieving the vars in PHP then? Maybe if I try to save them via JS first? – DasSaffe Jul 30 '19 at 06:19
  • 2
    Afraid you can't access the session variables on the client, it's a server side feature... what you could do is save the content of the session variables to a cookie, which could then be read by your PHP pages (with a little twist, apparently: [https://stackoverflow.com/questions/31096781/read-classic-asps-cookies-with-php](https://stackoverflow.com/questions/31096781/read-classic-asps-cookies-with-php) ) –  Jul 30 '19 at 06:34
  • Thats a good idea. If you want, make an answer out of that and I'll gladly accept it. Thanks for pointing me in the right direction. – DasSaffe Jul 30 '19 at 06:37
  • 1
    Possible duplicate of [Read classic ASP's cookies with PHP](https://stackoverflow.com/questions/31096781/read-classic-asps-cookies-with-php) – user692942 Jul 30 '19 at 07:20
  • Cookies “works”, but understand that any information you put in a cookie **will** be seen directly by your web user, and **will** be changed by your user to any value they desire, and there isn’t anything you can do to stop them. Nobody is born with all knowledge, so this is not a criticism of your skill: if you were not clear on how sessions work, you almost certainly need to work with someone more experienced, to determine what is safe to put in cookies and what is not safe. There are other (a bit more complex) alternatives suitable for sensitive information. Get assistance. – Euro Micelli Jul 30 '19 at 13:22
  • @EuroMicelli You can secure the connection with HTTPS and [set the cookie `Secure` flag](https://stackoverflow.com/a/13730187/692942). – user692942 Jul 30 '19 at 13:58
  • @lankymart, Secure flag and HTTPS does nothing to protect you against attacks from a rogue user via tools that range from Fiddler to custom hacker tools. I’m not saying that matters on every project, but you have to make that decision actively. Hence, get experienced assistance. Among many other things you have to ask yourself: Do you really, really trust your users? – Euro Micelli Jul 30 '19 at 14:29

1 Answers1

1

The session object is specific to Active Server Pages. If you have a mixed site that runs both PHP and ASP, you won't be able to use ASP session variables in your PHP pages. The objects and variables in Session are managed by ASP; the only thing the browser is involved with is keeping a reference to that session in a cookie.

What you could do is save the content of the session variables to a cookie, which could then be read by your PHP pages (with a little twist, apparently: Read classic ASP's cookies with PHP )

Hope this helps!