I am writing a PHP script that should integrate with ASP.NET login (which happens to be built on Sitecore, not sure if this is important). I need to replicate the ability to generate / log in / encrypt the session and data cookie, and also determine if the user is logged in when the session and data cookie are detected / decrypted. PHP and ASP scripts can share the same MS SQL database and are on the same file system, so this is not a problem. Most of my problems are related to setting / reading ASP cookies in PHP.
I have 2 cookies set by ASP.NET,
ASP.NET_SessionId and .ASPXAUTH
I believe that ASP.NET_SessionId for the session is explicit and .ASPXAUTH for the data.
My questions:
- I believe that in order to find out if someone is registered (or registered in it) through an ASP session, in PHP, I will need to compare the session data with the sessions stored in the file system, does anyone know where (or what determines where) are they located?
- Does anyone know the algorithm used to encrypt / decrypt an ASPXAUTH cookie? I know the standard “Encrypt” and “Decrypt” methods, but I want to know the code that makes them work exactly. IE is at first some kind of data array, which is then salted and hashed? Do I need to shift / convert output bytes? If so, in what order / path?
I appreciate any help, I will give an answer for the person who is most useful in answering any of these questions in the next few days.
Currently, I was able to reproduce cookie generation using setcookie () in PHP. That is, I can log in through the ASP.NET application, take the cookie data, connect it to the PHP application and exit the ASP.NET application. For those who are going to touch me, I well know that this is possible, and I DO NOT NEED to explain why I do this, but this is due to a lot of time, money and reasons, so yes, I need to use BOTH PHP and ASP. NET
THANKS!
UPDATE
I believe that I was partially able to decrypt the cookie using this answer: https://stackoverflow.com/a/212616/2/ Does anyone know how to end it?
source share