0

I have inherited an Classic ASP Site and a "bolt-on" ASP.NET site...

NEITHER are using Authentication, BOTH sides have a manual "reinvent-the- wheel" (hard-coded) security system that validates the user/pw from a SQL 2000 database (i.e. "if the user is found via a SQL SELECT, let them in").

New development is in ASP.NET... and they have "integrated" the two sites via ONE login (described above) on the Classic ASP side... then passing a GUID (saved at the time of login to the users record) they validate the GUID on the ASP.NET side ("yes, this is the correct GUID, therefore this is my user... let them in").

Up until now this has been working ONE DIRECTION (Classic ASP to ASP.NET) only with no issues.

(Getting to the problem, bear with me...)

Now they want to perform the same basic design from ASP.NET to Classic ASP by updating the GUID, passing it back, where the lookup validates the user, send them to the correct Classic ASP page... (so the user can return to the Classic ASP side without re-loging-in, previously required) HOWEVER...

***HERE's THE PROBLEM Session("UserID") is used on the Classic ASP side to (hard code) validate the user... then Response.Redirect is run to send them back to the page that they previously left via "sRedirectToString" ...

    'user is found in DB, so send them to the correct page...
    Dim sRedirectToString = 'the correct url
    Call Response.Redirect (sRedirectToString)

HOWEVER, Session("UserID") gets cleared by IIS or IE (dun'no) and the (hard-coded) validation fails because Session("UserID") is NULL (blank)

Here's the simple (only) validation:

    If Trim(Session("UserID") & "") = "" Then
        'Session timed out
        Response.Redirect('the denied page)
    Else
        Response.Write "<meta http-equiv=""X-UA-Compatible"" content=""IE=EmulateIE7"">"
    End If

So, why are the Session Variables being cleared by a Redirect? (there is no other system authentication is being used).

There is no Session.Abort, nor any specific coding that is clearing Session("UserID").

But when Session("UserID") is tested (see code above) it is found empty and redirects to the DENIED.asp page.

So, hoping there is some property like "PersistSessionVariables" (or something) that I can set so they don't clear...

BUT THEY DO INDEED CLEAR IMMEDIATELY AFTER THE REDIRECT AND THIS IS CONFUSING TO ME.

I appreciate all the Wizards help!

user692942
  • 16,398
  • 7
  • 76
  • 175
Chuckv
  • 33
  • 7
  • 1
    Possible duplicate of [Losing Session between Classic ASP and ASP.NET](http://stackoverflow.com/questions/2774040/losing-session-between-classic-asp-and-asp-net) – user692942 Sep 14 '16 at 09:36
  • As mentioned above, I am not utilizing Authentication on either side... employing an Authentication solution is not a solution for me. – Chuckv Sep 14 '16 at 13:52
  • BTW, this is running on a Windows 2003 Server and IIS 6... – Chuckv Sep 14 '16 at 15:04
  • I'm loosing Session Variables INSIDE of Classic ASP... this is not a question about the xfer between Classic and .NET – Chuckv Sep 14 '16 at 16:49
  • The redirect, is it from ASP to ASP.Net, vice versa or ASP to ASP YOU don't make it CLEAR? – user692942 Sep 14 '16 at 18:04
  • If the issue is ASP.Net to ASP does the redirect from ASP.Net change protocols *(http to https etc.)*? This could be the cause if [`New ID on secure connection` is `true`](http://stackoverflow.com/a/23266202/692942) in the ASP settings in IIS. – user692942 Sep 14 '16 at 18:09
  • Here's the flow... (which is basically what I wrote above) 1. User logs in on Classic ASP navigates to an .asp page... 2. User requires functionality that is on ASP.NET, they are Redirected with parameters (GUID, DeptID, UserID) to an .aspx page. 3. User completes functionality on ASP.NET side and clicks command button to take them back to Classic ASP side. They are Redirected with parameters (GUID, UserID) to a "PassParameters.asp" page that validates them as a user and if successful, Redirects them to the main menu inside the ASP site... THIS Redirect causes all Session Variables to dump. – Chuckv Sep 14 '16 at 19:49

0 Answers0