I'm using an ASP Classic app that makes use of session state. It's got quite a few pages. I'm slowly migrating to .NET, with an ETA of about six months.
Is it worth changing over the classic asp to use a custom DB session for an implementation of that time frame? Or should I just migrate so features are separate between the apps and no session is shared?
Thanks!
In the past, I've transitioned by maintaining two apps, and passing authenication information between the two at the database layer. When the user requests access to the new ASP.Net app, write an entry into a table with guid(s) and a datetime, then redirect to an authentication page, which checks the table for the corresponding row, which is only valid for a certain length of time (30s), and has a one time use.
If the row exists, grants logged in access under the same username.
a common way of doing this, is supporting both sessions during the migration period, and letting asp.net manage authentication of all resources across asp and asp.net.
IIS 6 and higher has a feature that let's you redirect classic asp resources to aspnet handler. ( i believe this is via wild card application maps)
With this, you will get the login re-directs for not authorized sessions.
If you want to have access to .net session from asp session, a common way is to create a handler in .net (call it "/SessionSynch" for example) and than from asp, you can execute a post to it, to get all necessary session data. Something to consider here is security of course. You want to make sure that your .net handler checks the request, and only reveals session information if your request is coming from appropriate source.
you can also synchronize the info via database.
the one common identification between asp and asp.net you can rely on, is the session cookie, which is easily retrieved from both sides. If you fire up Fiddler, you will notice that upon successful authentication your session cookie will be set. you can then use this cookie from asp to retrieve session info from .net
The two things that I would take into consideration are:
If the timeline has not already been accepted and you'd just like to try and add another deliverable, this is not something that should take you very long.
The easiest way to do this (as you have mentioned it's short term only) would be to have an intermediate script (asptoaspx.asp?redirect=aspxscript.aspx) that does an automatic form post (user doesn't see it). Here is a pseudocode for that script.
This way when you go from an ASP page to an ASPX page in your application, you would have your session variables ready to use.
Hope it helps!