Hijacking ASP.NET Sessions

So, you want to be able to access other users' session state from the session id, right? Well, I don't know if you should, but you definitely can do that!

Here is an extension method for that purpose. It uses a bit of reflection, which means it may not work with future versions of .NET (I tested it with .NET 4.0/4.5).

    using System;
    using System.Reflection;
    using System.Web;
    using System.Web.SessionState;

    public static class HttpApplicationExtensions
    {
        // SessionStateModule keeps its store provider in a private field named "_store".
        // This is an implementation detail, so the lookup may return null in a future .NET version.
        private static readonly FieldInfo storeField = typeof(SessionStateModule).GetField("_store", BindingFlags.NonPublic | BindingFlags.Instance);

        public static ISessionStateItemCollection GetSessionById(this HttpApplication app, String sessionId)
        {
            // The session module is registered under the name "Session" in the default configuration
            var module = app.Modules["Session"] as SessionStateModule;

            if (module == null || storeField == null)
            {
                return (null);
            }

            // Pull the configured store provider (InProc, StateServer, SQL Server or custom) out of the module
            var provider = storeField.GetValue(module) as SessionStateStoreProviderBase;

            if (provider == null)
            {
                return (null);
            }

            Boolean locked;
            TimeSpan lockAge;
            Object lockId;
            SessionStateActions actions;

            // Non-exclusive read: no lock is taken on the session, so nothing has to be released afterwards
            var data = provider.GetItem(HttpContext.Current, sessionId.Trim(), out locked, out lockAge, out lockId, out actions);

            if (data == null)
            {
                // Unknown or expired session id
                return (null);
            }

            return (data.Items);
        }
    }

As you can see, it extends the HttpApplication class; that is because we need its Modules collection to get hold of the Session module and, through reflection, the session state store provider it wraps.

Use with care!
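As an added example (not part of the original post), here is one way to put the extension method behind some guard rails: an IHttpHandler that only answers to authenticated callers in an administrative role, treats the other session as read-only, and writes an audit line for every lookup. The handler class name, the "SessionAdmin" role name and the "id" query parameter are assumptions chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Text;
using System.Web;
using System.Web.SessionState;

// Assumed diagnostic handler; register it in web.config and also restrict its path
// with <authorization>, so the role check below is not the only gate.
public class SessionInspectorHandler : IHttpHandler
{
    // Assumed role name; adjust to the application's own role scheme
    private const string RequiredRole = "SessionAdmin";

    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        var response = context.Response;
        response.ContentType = "text/plain";

        // Gate 1: caller must be authenticated and hold the administrative role
        if (context.User == null || !context.User.Identity.IsAuthenticated || !context.User.IsInRole(RequiredRole))
        {
            response.StatusCode = 403;
            return;
        }

        // Assumed query parameter carrying the session id to inspect
        var sessionId = context.Request.QueryString["id"];
        if (String.IsNullOrWhiteSpace(sessionId))
        {
            response.StatusCode = 400;
            return;
        }

        // Gate 2: every lookup is traced together with the caller's identity,
        // so inspection of other users' sessions leaves an audit trail
        Trace.TraceWarning("Session inspection by {0} for session id {1}", context.User.Identity.Name, sessionId);

        // The extension method from the post hangs off HttpApplication, reached here via ApplicationInstance
        var items = context.ApplicationInstance.GetSessionById(sessionId);
        if (items == null)
        {
            response.StatusCode = 404;
            return;
        }

        // Read-only dump of key names and value types, not the values themselves.
        // With the InProc store the returned collection is the live session object, so
        // writing to it would change the other user's state; out-of-process stores hand back a copy.
        var sb = new StringBuilder();
        foreach (string key in items.Keys)
        {
            var value = items[key];
            sb.AppendFormat("{0}: {1}", key, value == null ? "null" : value.GetType().Name).AppendLine();
        }

        response.Write(sb.ToString());
    }
}
```

The handler deliberately prints only key names and types: that is usually enough to diagnose a stuck session, and it keeps credentials or tokens that applications tend to park in session state out of the response and out of the trace log.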

                             

No Comments