Sharing Session State Between ASP.NET and JSP

We have 60 odd applications, both in and JSP , now we are planning to bring all this under one single . COuld any one tell me how to handle sessions (common) across these applications

I want a login page to be common for these applications and session created on login page should be shared across applications .
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ryan ChongBusiness Systems Analyst , ex-Senior Application EngineerCommented:
sessions are not able to share among different scripting languages, perhaps you can try use a middle storage media, like a database, so that both scripting languages can "talk" with each other.
Ryan ChongBusiness Systems Analyst , ex-Senior Application EngineerCommented:
or :

develop a crypto algorithm, that can be use and exchange data between these 2 scripting languages, but then you will need develop this crypto algorithm on both sides.
Tomas Helgi JohannssonCommented:

As ryancys says then Sessions and Session variables are bound to the particular
scripting languages/environment and are non-transferable between those env.
You could do it by using a db as ryancys suggested or use the Http-Request/Response  header attribute to transfer data between different scripting env.

   Tomas Helgi
ryancys is right, sessions can't be shared.  However, if you create a common login, in LDAP or your own login db, both application servers can access the login information in the same db.  Look at these resources for setting up a single login for many apps:

IIS and LDAP (through Active Directory):

Example of JSP integration with an LDAP server:

And a commercial product for managing single signon:

You don't have to develop an encryption algorithm, and you shouldn't.  You can encrypt session information and offer it from either app server (Tomcat or IIS) upon request from the other server.  Or don't encrypt it, but only offer it via https from an authenticated user, which would be the other appserver.  SSL is enough encryption.   If you don't use SSL for encryption, look into these options:

So I would separate the single login problem from the problem of the rest of the session information, because there are good solutions to login, and many different ways of handling sharing private information among app servers.

In fact, I agree with ryancys's first suggestion about using a database to share session information -- except for login, which should be in LDAP.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
P_RamprathapAuthor Commented:
Thanks for the help.It really helped me lot . Trying to implement the same in our enviornment .Thanks again
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.