In a previous job we had a classic ASP application that no one wanted to migrate to ASP.NET. The things that it did, it did very well.
However there was some new functionality that needed to be added that just seemed best suited to ASP.NET. The decision was made to allow the system to become a weird hybrid of ASP and ASP.NET.
Our biggest sticking point was session management and we hacked together a solution to pass session values through form variables. I’ve talked to others that handled this same problem through cookies.
Both methods seem a horrible kluge (in addition to being terribly insecure).
Is there a better or cleaner way or is this just such a bad idea to begin with that discussion on the topic is pointless?
Can you not persist session data to a serverside data store? ie XML file, database etc. You could then pass just a hash (calculated based on some criteria that securely identifies the session) to a .NET page which can the pick the data up from the data store using this identifier and populate your session data. It still means having to pass requests from ASP to ASP.NET through a proxy each time to ensure the latest session data is available in each app but I don’t know of an alternative way to achieve this I’m afraid.