The idea is that the serialized session in the ASP.net is saved to the database in binary data, then by the JSP read binary data in the database deserialized into the session object, and then forced to convert to the session object, in the Java side of the conversion, there are errors, find the information on the Internet has not been able to solve, so the use of a replacement Way.
Way of thinking of the replacement:
In the ASPX file that is logged in, the value of the variable in the session is saved to a table in the database after the login succeeds, Keyword uses the sessionid of the ASP.net session object, then creates an ASPX file, obtains the current logged-on user's SessionID, and uses the ASP.net redirection statement to go to the JSP file, the URL request path format for test.jsp? ASPNETSESSIONID=FFJ12D455P0UJR45VDQWHH45, If ASP.net is not logged in or the login is unsuccessful, although there is a SessionID value, the database is not the SessionID associated with the data that may be found by readers without test.jsp?aspnetsessionid= Ffj12d455p0ujr45vdqwhh45 the path of such a request can also be completed, yes, you can also pass the value in such a way as test.jsp?userid=1111, Of course, UserID is the value obtained after the asp.net landed, but some users will be able to know userid this sensitive data.
Create a table
Copy Code code as follows:
TableName:
Iis_session
FieldName
idvarchar--Storage of ASP.net SessionID
useridint--the user number after successful login
powerint--the user's permission number
Copy Code code as follows:
After successful login, you can place the following codeing in the authenticated aspx page of the login/
Record Sessionvalue to Database
Privatevoidwritesession2db
When the user exits the system, deletes the corresponding SessionID row of data in the database, can be placed in the Exit page, or Global.asax Session_End process
Delete Sessionvalue in the database
Privatevoidremovesession4db
An ASPX page that redirects to the JSP and adds the following code to the Page_Load of the ASPX page.
Privatevoidpage_load
Copy Code code as follows:
<% @pagecontentType = "text/html;charset=gb2312"%>
<%
/
Their own database connection classes, users can replace their own
/
%>
<jsp:usebeanid= "DB" scope= "page"/>
<%
Stringsaspnetsessionid=request.getparameter;
Using the connection pool connection database, users can replace their own
Stringsdbsourcename= "Itbaby_dbpool";
Db.dbconnopen;
Stringssql= "Selectuserid,powerfromiis_sessionwhereid= '" "+saspnetsessionid+" ";
Readers themselves replace the code that reads the result set
Java.sql.resultsetrs=db.getrs;
If
Rs.close;
Db.dbconnclose;
%>
Well, although not a good method, but also can be used, but also protects the user's some sensitive data
I will continue to consider using serialization and deserialization to share session objects between different Web languages instead of the above, shared session values