Introduction asp.net login, JSP can use ASP.net in the session value, we refer to the use of the bar
The idea is that the serialized session in the ASP.net is saved to the database in binary data, then by the JSP read binary data in the database deserialized into the session object, and then forced to convert to the session object, in the Java side of the conversion, there are errors, find the information on the Internet has not been able to solve, so the use of a replacement The way. Ways to replace the idea: in the aspx file, in the login after the success of the session to save the value of variables to a table in the database, Keyword uses the sessionid of the ASP.net session object, then creates an ASPX file, obtains the current logged-on user's SessionID, and uses the ASP.net redirection statement to go to the JSP file, the URL request path format for test.jsp? ASPNETSESSIONID=FFJ12D455P0UJR45VDQWHH45, If ASP.net is not logged in or the login is unsuccessful, although there is a SessionID value, the database is not the SessionID associated with the data that may be found by readers without test.jsp?aspnetsessionid= Ffj12d455p0ujr45vdqwhh45 the path of such a request can also be completed, yes, you can also pass the value in such a way as test.jsp?userid=1111, Of course userid is the value of the ASP.net landing after the success, but so some users can know userid this sensitive data. Create a table code as follows: Tablename:iis_session fieldname:idvarchar--store asp.net sessionid useridint--store login After successful user number powerint--store user's permission number copy code as follows:/ /login is successful, the following codeing can be placed on the authenticated ASPX page of the login/ //records Sessionvalue to the database privatevoidwritesession2db //When the user exits the system, Deletes a row of the corresponding SessionID in the database, which can be placed on the exit page, or Global.asax Session_End process/ //delete the Sessionvalue in the database PRIVATEVOIDREMOVESESSION4DB //a redirect to the JSP aspx page, in this ASPXThe Page_Load of the page is added with the following code/privatevoidpage_load code as follows: <% @pagecontentType = "text/html;charset=gb2312"%> <%/own database connection class, users can replace/%> <jsp:usebeanid= "db" scope= "page"/> <% stringsaspnetsessionid= Request.getparameter; //Use of connection pool connection database, users can replace their own stringsdbsourcename= "Itbaby_dbpool"; Db.dbconnopen; stringssql= "selectuserid,powerfromiis_sessionwhereid= '" +saspnetsessionid+ ""; //readers themselves replace the code java.sql.resultsetrs=db.getrs that read out the result set; IF) rs.close; Db.dbconnclose; %> OK, although not very good method, but also can use, also protects the user some sensitive data I will continue to consider using serialization and deserialization to share session objects between different Web languages instead of the above, shared session values