Read classic ASP's cookies with PHP

Question 1

How do I obtain the asp cookie's name and value using PHP so i may assign it to a variable? PHP and ASP are on the same domain.

Classic Asp Create Cookie

response.cookies("apple")("red")="reddelicious"
response.cookies("apple")("yellow")="gingergold"
response.cookies("apple")("green")="grannysmith"
response.cookies("apple").expires = dateadd("d",2,Now())

Classic ASP Read Cookie

strRed = request.cookies("apple")("red")
strYellow = request.cookies("apple")("yellow")
strGreen = request.cookies("apple")("green")

Reading The ASP cookies with PHP echo

echo $_COOKIE["apple"];

In firebug, after expanding the 'apple' cookie within the console, 'echo $_COOKIE["apple"]' outputs:

red=reddelicious&yellow=gingergold&green=grannysmith

Tried:

$strRed = $_COOKIE["apple"]["red"]; //doesn't work

Question 2

You could use the parse_str function in php

<?php

parse_str($_COOKIE["apple"], $apple);

echo($apple["red"]);

?>

Question 3

Cookie data are sent to the server (and forwarded to the PHP interpreter) when the client performs the request. Therefore, a cookie set by JavaScript on the client after the page has been requested from the server will not be transmitted until the next request to same server.

What you'll have to do is to perform some kind of request (could be done via AJAX) where a PHP script handles the incoming cookie information and stores it in the DB.

Question 4

Add a break statement after the end of the first switch condition on the nodeType:

<?php
$xml = new XMLReader();
$xml->open("php://stdin");

while($xml->read()) {

  switch($xml->nodeType) {
    case XMLReader::ELEMENT:
      switch($xml->name) {
        case 'author':
          echo("+" . $xml->name);
          break;
    }

    // THIS LINE IS MISSING
    break;

    case XMLReader::END_ELEMENT:
      switch($xml->name) {
        case 'author':
          echo("-" . $xml->name);
          break;
      }
    }
  }
?>

Add another break after reading the END_ELEMENT, as well, if only for symmetry.

    case XMLReader::END_ELEMENT:
      switch($xml->name) {
        case 'author':
          echo("-" . $xml->name);
          break;
      }
    }

    break;

The problem happened because of the coding style. Simplify the code. For example:

$xml = new XMLReader();
$xml->open("php://stdin");

while($xml->read()) {    
  switch($xml->nodeType) {
    case XMLReader::ELEMENT: {
      startElement( $xml->name );
      break;
    }

    case XMLReader::END_ELEMENT: {
      endElement( $xml->name );
      break;
    }
  }
}

There are further simplifications you can make. PHP has an XML marshalling package, but you could also abstract the code into classes. Instances of those classes would then be able to read (or write) themselves from (or to) an XML file. For example:

$xml = new XMLReader();
$xml->open("php://stdin");

while($xml->read()) {    
  if( $xml->name == 'author' ) {
    $author = new Author();
    $author->marshall( $xml );
  }
}

This couples the details of how the object is stored with the object itself. Any time you change the Author object, you know you must change how it marshalls itself. You could abstract and extend these concepts even further using appropriate design patterns, XML schemas, and so forth.

Thus your final code might resemble:

$xml = new XMLReader();
$xml->open( "php://stdin" );
$publications = new Publications();
$publications->marshall( $xml );

The Publications object is responsible for reading the XML document and instantiating the appropriate classes whenever their associated XML tags appear:

while($xml->read()) {    
  $article = new Article();
  $article->marshall( $xml );
  add( $article );
}

Use a PHP marshalling framework to save yourself time and effort. Consider XML_Serializer:

http://pear.php.net/package/XML_Serializer

Question 5

The best answer I've been able to find for this issue was the following. Specific to sharing a login between Classic ASP and ASP.net, but the methodology is exactly the same:

As you probably already know, classic asp and asp.net cannot share the same session state, so you do need to have a mechanism to log from one into the other.

What I would do is: when someone logs in, create a unique GUID that you save in the database for that user. When you jump from one site to the other, pass that GUID into the query string. When you try to auto-log them into the other site, look up that GUID and see if it's attached to anyone. If it is, log them in.

This way you aren't passing anything that a user could guess or decrypt.

Additionally, it's smart to add a timestamp to the database as well; and the GUID should only be valid for a second or two. Log in on the PHP end, then flip over to ASP and check the GUID.

Not totally secure, but appears to be about as secure as I'm going to find.

source: https://.com/a/921575/339440

Edit to add: per comments, also record the user's IP address to the database and compare it on the ASP side. No teleporting allowed!

CORRECTION: In this case "GUID" is a misnomer. What you need here is a random string of characters, not a GUID. A GUID is a semi-random construct with one of a handful of specific formats, and is not applicable here.

Question 6

Response.AddHeader "Set-Cookie", "mycookie=yo; HttpOnly"

Other options like expires, path and secure can be also added in this way. I don't know of any magical way to change your whole cookies collection, but I could be wrong about that.

Read classic ASP's cookies with PHP

Answers

php,cookies,asp-classic