Wednesday, May 18, 2005

Interconnecting ASP and ASP.NET sessions

Recently I came across an interesting situation: I needed to synchronize ASP and ASP.NET sessions (our application is a combination of old ASP and new ASP.NET code).

The ASP.NET session timeout can be configured in the web.config file, and after the specified timeout period elapses, the session is terminated (the ASP.NET session, not the ASP one). To reach the ASP session variables when the ASP.NET session is terminated, I crafted a web request that is sent to a special ASP file. In this file, a script cleans up the session variables, and the whole ASP app thinks that its session has been terminated.

The trick here was that all the cookies that were created in the session had to be present in the HTTP request header. The ASP page discovers its state using these cookies.

P.S. In the ASP script to which the request is sent, it is necessary to compare the host that issued the request with the local address: they must be the same. Omitting this check leaves a security hole in the web app.
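A sketch of the cleanup page with the check from the P.S., added here as an example and not the original application's code. The file name is hypothetical, and it assumes the ASP.NET side sends the request directly to the same server with no reverse proxy in between.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' session_cleanup.asp (hypothetical file name), added example.

Dim remoteAddr, localAddr

' REMOTE_ADDR is the peer address of the TCP connection as seen by IIS.
' LOCAL_ADDR is the server address that accepted the connection.
' Both are set by the server, unlike the Host or X-Forwarded-For headers,
' which the client controls and which must not be used for this decision.
remoteAddr = Request.ServerVariables("REMOTE_ADDR")
localAddr  = Request.ServerVariables("LOCAL_ADDR")

' Reject anything that did not originate on this machine. Without this,
' any client holding (or guessing) a session cookie could end that session.
If remoteAddr = "" Or remoteAddr <> localAddr Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' Assumption: no reverse proxy runs on this same host. If one does, every
' proxied request arrives from a local address and this check passes for
' all of them, so the page would need an additional shared secret.

' The session cookies forwarded in the request header select the ASP
' session; clear its variables and end it.
Session.Contents.RemoveAll
Session.Abandon

Response.Status = "204 No Content"
%>
```

The two addresses only match when the ASP.NET code targets the address the server itself connects from, for example the loopback address for both ends.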
