ASP. after logging on to. NET, JSP can use ASP. net Session value. at the beginning, the idea of baby (itbaby.jss.cn) was ASP. NET serialization Session is saved to the database as binary data, and then the JSP reads the binary data in the database and deserializes it into a Session object, and then forcibly converts it into a JAVA Session object. During JAVA-side conversion, if an error occurs, you cannot solve the problem by searching online materials. Therefore, you can use a replacement method.
Ideas for the replacement method:
Log on to the ASPX file. After Successful Logon, save the variable values in the Session to a table in the database. Use the SessionID of the Session object of ASP. NET, create An ASPX file, and obtain
Get the SessionID of the currently logged-on user and use the ASP. NET redirect statement to go to the JSP file. The URL request path format is test. jsp? Aspnetsessionid = ffj12d455p0ujr45vdqwhh45, if
ASP. NET is not logged on or logon fails. Although there is a SessionID value, the database does not have data associated with this SessionID.
Some readers may find that test. jsp is not required?
Aspnetsessionid = ffj12d455p0ujr45vdqwhh45 and other request paths can also be completed. Yes, you can use test. jsp? Userid = 1111
The value is also passed. Of course, userid is the value obtained after ASP. NET is successfully logged on, but some users can know the sensitive data of USERID (User ID.
Create a table
◆ Table name:
◆ Iis_session
◆ Field name:
◆ Id varchar (26) -- store the SessionID of ASP. NET
◆ Userid int (4) -- stores the user ID after Successful Logon
◆ Power int (4) -- store the user's permission number
Source code snippets of ASP. NET programs:
/* After successful login, you can place the following CODEING on the logon authentication ASPX page * // record the Session value to the database private void WriteSession2DB (string sessionID, stringsUID, string sPWR) {// connect to the database code. The reader automatically adds string sessID = sessionID; string strSQL = "insert into iis_session (id, userid, power) Values (@ seionID, @ UID, @ PWR) "; // webmod. sqlConn is the connection object of the database. The reader replaces it with his own database connection SqlCommand sqlCmd = new SqlCommand (strSQL, webmod. sqlConn); sqlCmd. parameters. add ("@ seionID", SqlDbType. varChar ). value = sessID; sqlCmd. parameters. add ("@ UID", SqlDbType. int) .Value = Convert.ToInt32(sUID.Trim()); sqlCmd.Parameters.Add("@PWR", SqlDbType.Int) . Value = Convert. toInt32 (sPWR. trim (); sqlCmd. executeNonQuery (); // closes the database connection, and the reader adds it by himself.}/* when the user exits the system, delete a row of data for the SessionID in the database, which can be placed on the exit page, Or Global. in asax's Session_END process * // Delete the Session value private void RemoveSession4DB () {// connect to the database code. The reader adds string sessID = Session. sessionID; string strSQL = "delete from iis_session where id = '" + sessID + "'"; // webmod. sqlConn is the connection object of the database. The reader replaces it with his own database connection SqlCommand sqlCmd = new SqlCommand (strSQL, webmod. sqlConn); sqlCmd. executeNonQuery (); // closes the database connection, and the reader adds}/* a aspx page redirected to JSP, add the following code in PAGE_LOAD on this ASPX page */pr Ivate void Page_Load (object sender, System. EventArgs e) {string strSessionID = Session. SessionID. Trim (); String strRoot = "http: // localhost/test. jsp? aspnetsessionid="+strSessionID; Response.Redirect(strRoot,true); } |
JSP program source code snippets:
<% @ Page contentType = "text/html; charset = gb2312" %> <%/* your own database connection class. You can replace it with your own */%> <jsp: useBean id = "db" scope = "page" Class = "com. itbaby. bean. dbx. database "/> <% String sASPNetSessionID = request. getParameter ("aspnetsessionid"); // The connection pool is used to connect to the database. you can replace it with your own String sDBSourceName = "itbaby_dbpool"; db. dbConnOpen (sDBSourceName); String sSql = "select userid, power from iis_session Where id = '"+ sASPNetSessionID +"' "; // The Reader replaces the java code for reading the result set. SQL. resultSet rs = db. getRs (sSql); if (rs. next () {String sUID = rs. getString (1); String sPower = rs. getString (2);/* read the value of the SESSIONID in the database and display it, If ASP. net session times out, no Value */out. print ("<H1> ASP. Net Session Value UserID = "+sUID+"</H1><br><br>"); out.print("<H1>ASP.Net Session Value Power = "+sPower+"</H1><br><br>"); } rs.close(); db.dbConnClose(); %> |
Well, although it is not a good method, it can also be used to protect users' sensitive data. I will continue to consider using serialization and deserialization to share Session objects between different WEB languages, instead of sharing Session values.