Let JSP share session value with ASP.net

This topic has just begun, My idea is that the serialization session in ASP.net is saved to the database in binary data, then by the JSP read binary data in the database reverse serialization into the Session object, and then forced into the Java session object, in the Java side of the conversion, there are errors, find the information on the Internet has not been able to solve, so mining In a way that replaces it.

Way of thinking of the replacement:

In the ASPX file that is logged in, the value of the variable in session is saved to a table in the database, the keyword uses the sessionid of the ASP.net session object, and then an ASPX file is created to obtain the SessionID of the current logged-on user. and use the ASP.net redirection statement, go to the JSP file, the URL request path format for test.jsp?aspnetsessionid=ffj12d455p0ujr45vdqwhh45, If ASP.net is not logged in or the login is unsuccessful, although there is a SessionID value, the database is not the SessionID associated with the data that may be found by readers without test.jsp?aspnetsessionid= Ffj12d455p0ujr45vdqwhh45 the path of such a request can also be completed, yes, you can also pass the value in such a way as test.jsp?userid=1111, Of course userid is the value obtained after the asp.net landed, but some users will be able to know the sensitive data of userid (User ID).

Create a table

Table Name:

Iis_session

Field Name:

ID varchar (26)--Storage of ASP.net SessionID

UserID Int (4)--the user number that holds the successful login

Power Int (4)--The user's permission number

Asp. NET program Source fragment:

/* Login is successful, the following codeing can be placed on the authenticated ASPX page of the login * *
Record session value to database
private void Writesession2db (string sessionid,string suid,string SPWR)
{
Connect the database code, the reader adds itself
string sessid = SessionID;
String strSQL = "INSERT into iis_session (id,userid,power) VALUES (@seionID, @UID, @PWR)";
Webmod.sqlconn is the database connection object, the reader replaces itself with the database connection
SqlCommand SQLCMD = new SqlCommand (strsql,webmod.sqlconn);
SQLCMD.PARAMETERS.ADD ("@seionID", SqlDbType.VarChar). Value = Sessid;
SQLCMD.PARAMETERS.ADD ("@UID", SqlDbType.Int). Value = Convert.ToInt32 (Suid.trim ());
SQLCMD.PARAMETERS.ADD ("@PWR", SqlDbType.Int). Value = Convert.ToInt32 (Spwr.trim ());
Sqlcmd.executenonquery ();
Close the database connection and add the reader yourself
}
/* When the user exits the system, the database in the corresponding SessionID row of data deleted, can be placed in the Exit page, or global.asax session_end process * *
Delete Session value in the database
private void Removesession4db ()
{
Connect the database code, the reader adds itself
string sessid = Session.SessionID;
String strSQL = "Delete from iis_session where id= '" +sessid+ "";
Webmod.sqlconn is the database connection object, the reader replaces itself with the database connection
SqlCommand SQLCMD = new SqlCommand (strsql,webmod.sqlconn);
Sqlcmd.executenonquery ();
Close the database connection and add the reader yourself
}
/* An ASPX page redirected to JSP, add the following code to the Page_Load of this aspx page * *
private void Page_Load (object sender, System.EventArgs e)
{
String Strsessionid = Session.SessionID.Trim ();
String strroot = "http://localhost/test.jsp?aspnetsessionid=" +strsessionid;
Response.Redirect (strroot,true);
}

JSP Program Source fragment:

＜%@ page contentType="text/html;charset=gb2312"%＞
＜%
/*
自己的数据库连接类，用户可以自己替换
*/
%＞
＜jsp:useBean id="db" scope="page" class="com.itbaby.bean.dbx.database"/＞
＜%
String sASPNetSessionID=request.getParameter("aspnetsessionid");
//使用了连接池连接数据库，用户可以替换成自己的
String sDBSourceName="itbaby_dbpool";
db.dbConnOpen(sDBSourceName);
String sSql="select userid，power from iis_session where id=’"+sASPNetSessionID+"’";
//读者自己替换读出结果集的代码
java.sql.ResultSet rs=db.getRs(sSql);
if(rs.next())
{
　String sUID = rs.getString(1);
　String sPower = rs.getString(2);
　/*将数据库中对应的SESSIONID的值读出来，并显示，如果ASP.NET的SESSION超时，将没有值*/
　out.print("＜H1＞ASP.Net Session Value UserID = "+sUID+"＜/H1＞＜br＞＜br＞");
　out.print("＜H1＞ASP.Net Session Value Power = "+sPower+"＜/H1＞＜br＞＜br＞");
}
rs.close();
db.dbConnClose();
%＞

Well, although it's not a good method, but it can be used, and also protects some of the user's sensitive data, I will continue to consider using serialization and deserialization to share the session object between different Web languages instead of sharing the session value.