Well today I had fun triing to work our for one of my clients a better way to transfer the session from one IIS server to another IIS server so that we can use the login permissions from one server on another without having to login again.
I found 1 method that I thought would work, and found that the technique is being used as a method of transfering session from asp to asp.net using the xmlhttprequest object. The problem being microsofts method of fixing security wholes which is by stopping people from doing certain things, and not fixing the underlying problem. (this is much the same as what they have done in SP2, not fix the problems but restrict you from doing things).
The method is quite niffty is to use the xmlhttprequest object is to find the ASPSESSIONIDxxxx=xxx cookie and then set the header for the cookie with the this id, and get an asp page to return everything in the to the page. The problem is that the xmlhttprequest object doesn't allow you to set the ASPSESSIONIDxxx as a cookie.
I am thinking I might add some php to do this with curl, should work, but this is alot of overhead just to transfer a few bits if session data, but I think I might need to.
Please email me if you have a better way of doing this. Thanks.
What a waste of most of a day.