I have a login protected back office website written in ASP classic running on Windows. Login status is stored in a session variable. I also have a PHP page that should be accessible only to logged in users. How do I check in PHP that the client is logged in to this website?
P.S. There may be multiple users accessing the page at the same time.
By assuming both PHP and ASP applications share the same domain name, here's a step by step guide.
1 - Create an asp file named sessionConnector.asp.
2 - In sessionConnector.asp, serialize the Session.Contents object into a format that PHP can deserialize, JSON for example. You can use JSON.asp from aspjson.
<%@Language=VBScript CodePage=65001%>
<!--#include file="JSON.asp"-->
<%
Set JSONObject = jsObject()
For Each Key In Session.Contents
If Not IsObject(Session.Contents(Key)) Then 'skip the objects cannot be serialized
JSONObject(Key) = Session.Contents(Key)
End If
Next
JSONObject.Flush
%>
3 - Create a PHP function named GetASPSessionState().
4 - In GetASPSessionState(), make an HTTP request for sessionConnector.asp by specifying the Cookie header filled with $_SERVER["HTTP_COOKIE"] which must contains identifier of the ASP Session, so ASP can identify the user and the response will vary by user.
5 - After fetching the response (string of JSON), deserialize by using json_decode and look for the ASP session variable.
function GetASPSessionState(){
if(stripos($_SERVER["HTTP_COOKIE"], "ASPSESSIONID") === false){
# since ASP sessions stored in memory
# don't make request to get ASP session state if the cookie does not contain ASPSESSIONID
# otherwise IIS will create new redundant sessions for each of your checks so it wouldn't be a memory-friendly way
# returning an empty array
return array();
} else {
$options = array('http' =>
array('method'=>"GET", 'header' => "Cookie: " . $_SERVER["HTTP_COOKIE"])
);
$cx = stream_context_create($options);
$response = file_get_contents("http://mywebsite.com/sessionConnector.asp", false, $cx);
return json_decode($response, JSON_FORCE_OBJECT);
}
}
$aspSessionState = GetASPSessionState();
if($aspSessionState["IsLoggedIn"] == true){
//user previously logged in with the ASP
}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 疯言疯语 的文章《How to access ASP classic session variable from PH》','https://www.manongdao.com/article-637026.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}