WebApp Sec mailing list archives
RE: IIS session & application variables
From: "Damhuis Anton" <DamhuisA () aforbes co za>
Date: Fri, 26 Nov 2004 07:30:36 +0200
Hi Martin

Session variables are not "sent from page to page", but rather stored in memory using the Session ID. The app (or page) has access to these variables using the Session ID (behind the scenes).

If you want to see the information flowing to / from the browser, then go to www.planet-source-code.com and search there for "html breakout box". This little VB6 app will allow you to see the HTML traffic to / from the browser (via the proxy program). If you don't come right I will look for it and send you the link.

However, you can see the session variables on an ASP page using the following code (classic ASP). It is made for my environment, but I am sure you will be able to figure it out:

Sub SFDebug()
    REM ------------------------------------------------------------
    REM -- Allows a person to see Session and Form Debug Information
    REM -- if CANDebug is Enabled
    REM ------------------------------------------------------------
    Dim strSessionContents 'as String
    Dim strFormContents 'as String
    Dim strURLContents 'as String
    Dim objFIELD 'as String
    Dim formElement 'as
    Dim URLElement 'as

    If Session("UserDebug") = true and CANDebug=TRUE then
        strSessionContents = ""
        strFormContents = ""
        strURLContents = ""

        REM -- Create a list of all Session Variables
        REM -- (Space(n) pads each name to a fixed column width)
        On Error Resume Next
        For Each objFIELD in Session.Contents
            strSessionContents = strSessionContents & _
                Left(objFIELD & Space(20),20) & ": [" & Session(objFIELD) & "]" & vbcrlf
        Next 'objFIELD
        On Error Goto 0

        REM -- Bread Crumb Add On
        Dim DKeys
        Dim DItems
        Dim I
        Dim DictTmp
        If IsObject(Session("Dictionary")) then
            Set DictTmp = Session("Dictionary")
            DKeys = DictTmp.Keys
            DItems = DictTmp.Items
            For i = 0 To DictTmp.Count -1
                strSessionContents = strSessionContents & _
                    Left("Dict(" & DKeys(I) & ")" & Space(30),30) & ": [" & DItems(I) & "]" & vbcrlf
                'Response.Write "Dict." & DItems(I) & " = [" & DKeys(I) & "]<br>"
            Next 'I
            Set DictTmp = Nothing
        end if
        REM -- Bread Crumb Add On TILL HERE

        REM -- Create a list of all Used Form Elements
        strFormContents = ""
        For Each formElement In Request.Form
            strFormContents = strFormContents & _
                Left(formElement & Space(20),20) & ": [" & Request.form(formElement) & "]" & vbcrlf
        Next 'formElement

        REM -- Create a list of all Used URL Elements (QueryString)
        strURLContents = ""
        For Each URLElement In Request.QueryString
            strURLContents = strURLContents & _
                Left(URLElement & Space(20),20) & ": [" & Request.QueryString(URLElement) & "]" & vbcrlf
        Next

        REM -- HTML-encode the collected values so that markup in session,
        REM -- form or URL data is displayed as text instead of rendered
        Response.Write "<div style=""BACKGROUND-COLOR: #ffffbb; font-size:10px"">" & _
            "<pre>" & _
            "Session Variables" & vbcrlf & _
            "-----------------" & vbcrlf & _
            Server.HTMLEncode(strSessionContents) & vbcrlf & _
            "Form Variables" & vbcrlf & _
            "---------" & vbcrlf & _
            Server.HTMLEncode(strFormContents) & vbcrlf & _
            "URL Variables" & vbcrlf & _
            "-----------------" & vbcrlf & _
            Server.HTMLEncode(strURLContents) & vbcrlf & _
            "</pre>" & _
            "</div>"
    end if
end Sub

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga]
Sent: 25 November 2004 10:22
To: webappsec () securityfocus com
Subject: IIS session & application variables

Hi list !

I was wondering if someone knows about a tool that can get the application/session variables on my IIS session ... Let me explain: I've got an IIS server, and some application & session variables defined in my global.asa. I think these variables are sent from one page to another one, and I was wondering if there is a tool that displays these variables (session and application variables) for me.

Any clue would be helpful ! Thanks in advance !
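
Added example (not part of the original post, and not IIS's own implementation): a small Python model of the point made in the reply above, that session variables stay in server memory and only the session ID crosses the wire. The names SessionStore, handle and demo, and the fixed cookie name ASPSESSIONID, are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "ASPSESSIONID"  # assumption: simplified, fixed cookie name for this model


class SessionStore:
    """Server-side store: session ID -> variables held in server memory."""

    def __init__(self):
        self._sessions = {}

    def handle(self, request_headers, update=None):
        """Process one request; return (response_headers, session_vars)."""
        cookie = SimpleCookie(request_headers.get("Cookie", ""))
        sid = cookie[COOKIE].value if COOKIE in cookie else None
        response_headers = {}
        if sid not in self._sessions:
            # Missing or unknown ID: issue a fresh server-generated one and
            # an empty session; a client-supplied value is never adopted.
            sid = secrets.token_hex(16)
            self._sessions[sid] = {}
            response_headers["Set-Cookie"] = f"{COOKIE}={sid}; Path=/; HttpOnly"
        self._sessions[sid].update(update or {})
        return response_headers, self._sessions[sid]


def wire_text(headers):
    """Everything a proxy between browser and server would see."""
    return "".join(f"{k}: {v}\r\n" for k, v in headers.items())


def demo():
    store = SessionStore()
    # Page 1 (constructed request): first visit, the page sets two variables.
    resp1, _ = store.handle({}, {"UserName": "martin", "UserDebug": True})
    sid_cookie = resp1["Set-Cookie"].split(";")[0]
    # Page 2: the browser returns only the cookie; variables are found by ID.
    req2 = {"Cookie": sid_cookie}
    resp2, vars2 = store.handle(req2)
    on_wire = wire_text(resp1) + wire_text(req2) + wire_text(resp2)
    # An ID the server never issued maps to a new, empty session.
    _, unknown = store.handle({"Cookie": f"{COOKIE}=notissued"})
    return vars2, on_wire, unknown


if __name__ == "__main__":
    session_vars, traffic, unknown_vars = demo()
    print("server memory:", session_vars)
    print("on the wire:\n" + traffic)
```
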
Current thread:
- IIS session & application variables Bénoni MARTIN (Nov 25)
- Re: IIS session & application variables saphyr (Nov 27)
- <Possible follow-ups>
- RE: IIS session & application variables Damhuis Anton (Nov 27)