WebApp Sec mailing list archives
RE: IIS session & application variables
From: "Damhuis Anton" <DamhuisA () aforbes co za>
Date: Fri, 26 Nov 2004 07:30:36 +0200
Hi Martin

Session variables are not "sent from page to page", but rather stored in memory using the Session ID. The app (or page)
has access to these variables using the Session ID (behind the scenes).

If you want to see the information flowing to / from the browser then go to www.planet-source-code.com and search there for
"html breakout box". This little VB6 App will allow you to see the HTML traffic to / from the browser (via the proxy
program). If you don't come right I will look for it and send you the link.

However you can see the session variables on an ASP page using the following code (classic ASP). It is made for my
environment, but I am sure you will be able to figure it out:

Sub SFDebug()
    REM ------------------------------------------------------------
    REM -- Allows a person to see Session and Form Debug Information
    REM -- if CANDebug is Enabled
    REM ------------------------------------------------------------
    Dim strSessionContents 'as String
    Dim strFormContents 'as String
    Dim strURLContents 'as String
    Dim objFIELD 'as String
    Dim formElement 'as
    Dim URLElement 'as

    REM -- CANDebug is a switch defined elsewhere in this environment
    If Session("UserDebug") = True And CANDebug = True Then
        strSessionContents = ""
        strFormContents = ""
        strURLContents = ""

        REM -- Create a list of all Session Variables
        REM -- (names are padded to a fixed column width with Space())
        REM -- Entries that cannot be converted to a string are skipped
        On Error Resume Next
        For Each objFIELD In Session.Contents
            strSessionContents = strSessionContents & _
                Left(objFIELD & Space(20), 20) & ": [" & Session(objFIELD) & "]" & vbCrLf
        Next 'objFIELD
        On Error Goto 0

        REM -- Bread Crumb Add On
        Dim DKeys
        Dim DItems
        Dim I
        Dim DictTmp
        If IsObject(Session("Dictionary")) Then
            Set DictTmp = Session("Dictionary")
            DKeys = DictTmp.Keys
            DItems = DictTmp.Items
            For I = 0 To DictTmp.Count - 1
                strSessionContents = strSessionContents & _
                    Left("Dict(" & DKeys(I) & ")" & Space(30), 30) & ": [" & DItems(I) & "]" & vbCrLf
                'Response.Write "Dict." & DItems(I) & " = [" & DKeys(I) & "]<br>"
            Next 'I
            Set DictTmp = Nothing
        End If
        REM -- Bread Crumb Add On TILL HERE

        REM -- Create a list of all Used Form Elements
        strFormContents = ""
        For Each formElement In Request.Form
            strFormContents = strFormContents & _
                Left(formElement & Space(20), 20) & ": [" & Request.Form(formElement) & "]" & vbCrLf
        Next 'formElement

        REM -- Create a list of all Used URL Elements (QueryString)
        strURLContents = ""
        For Each URLElement In Request.QueryString
            strURLContents = strURLContents & _
                Left(URLElement & Space(20), 20) & ": [" & Request.QueryString(URLElement) & "]" & vbCrLf
        Next 'URLElement

        REM -- HTML-encode the dumps: form and query string names/values come
        REM -- from the request and must be displayed as text, not rendered
        Response.Write "<div style=""BACKGROUND-COLOR: #ffffbb; font-size:10px"">" & _
            "<pre>" & _
            "Session Variables" & vbCrLf & _
            "-----------------" & vbCrLf & _
            Server.HTMLEncode(strSessionContents) & vbCrLf & _
            "Form Variables" & vbCrLf & _
            "---------" & vbCrLf & _
            Server.HTMLEncode(strFormContents) & vbCrLf & _
            "URL Variables" & vbCrLf & _
            "-----------------" & vbCrLf & _
            Server.HTMLEncode(strURLContents) & vbCrLf & _
            "</pre>" & _
            "</div>"
    End If
End Sub

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga]
Sent: 25 November 2004 10:22
To: webappsec () securityfocus com
Subject: IIS session & application variables
Hi list !
I was wondering if someone knows about a tool that can get the application/session variables on my IIS session ...
Let me explain: I've got an IIS server, and some application & session variables defined in my global.asa. I think
these variables are sent from one page to another one, and I was wondering if there is a tool that displays me these
variables (session and application variables).
Any clue would be helpful !
Thanks in advance !
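
Added illustration of the point made in the reply above (not code from the original posts): a toy Python model of a browser and a server in which session variables live in server memory and only the session ID cookie crosses the wire, which is all a proxy between browser and server would show. The cookie suffix, host name, paths and variable values are constructed for the example; the ID handling is a simplification, not a description of IIS internals.

```python
import re
import secrets

# Server memory: session ID -> that session's variables. Never serialized to the client.
SESSIONS = {}
# Classic ASP names its cookie ASPSESSIONID plus a suffix; this suffix is constructed.
COOKIE_NAME = "ASPSESSIONIDQCATSDRB"
COOKIE_RE = re.compile(r"(ASPSESSIONID[A-Z]+)=([A-Z]+)")


def handle_request(raw_request, set_vars=None):
    """Toy server: find or create the session, update it, return (raw_response, vars)."""
    match = COOKIE_RE.search(raw_request)
    sid = match.group(2) if match else None
    headers = ["HTTP/1.1 200 OK", "Content-Type: text/html"]
    if sid not in SESSIONS:
        # Missing or unknown ID: issue a fresh one. Only this opaque value is sent out.
        sid = "".join(secrets.choice("ABCDEFGHIJKLMNOP") for _ in range(24))
        SESSIONS[sid] = {}
        headers.append(f"Set-Cookie: {COOKIE_NAME}={sid}; path=/")
    SESSIONS[sid].update(set_vars or {})
    return "\r\n".join(headers) + "\r\n\r\n<html>ok</html>", SESSIONS[sid]


def browser_request(path, cookie=None):
    """Toy browser: the only session state it can send back is the cookie it was given."""
    lines = [f"GET {path} HTTP/1.1", "Host: intranet.example"]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return "\r\n".join(lines) + "\r\n\r\n"


def run_exchange():
    """Two page views; returns (wire_traffic, session_vars_seen_on_second_page)."""
    req1 = browser_request("/login.asp")
    # The first page stores two session variables (constructed values).
    resp1, _ = handle_request(req1, {"UserName": "bmartin", "UserDebug": True})
    cookie = COOKIE_RE.search(resp1).group(0)
    req2 = browser_request("/report.asp", cookie)
    # The second page sets nothing; it reads what the ID maps to in server memory.
    resp2, vars2 = handle_request(req2)
    return [req1, resp1, req2, resp2], vars2


if __name__ == "__main__":
    wire, seen = run_exchange()
    print("".join(wire))
    print("server-side session on second page:", seen)
```
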
