Jessica,

I'm making some big assumptions here.  Firstly, I'm presuming you don't want
to go as far as having a real distributed authentication mechanism like CAS,
Kerberos or Shibboleth, and that your servers aren't authenticating against
a Windows AD.  Secondly, I'm presuming there's no way to get both sites
running on the same CF instance, as this is far and away the easiest way to
share data between CF apps - just give the two apps the same application
name and that's all.

Given those assumptions, the low-rent way to do this is to pass the user's
authentication details through to the secure site in a form post or in a
cookie when the user navigates from one site to the other.  For more
security, have your member site notify the secure site via a backchannel
(e.g. CFHTTP) when somebody logs in.  Then the secure site can compare the
details coming in from the browser with the notification it previously
received from your server, and reject the request if there's no match or the
request is stale.  Just make sure the backchannel is properly restricted,
preferably to a single IP address.  For even better security, you can
encrypt the backchannel as well.

Note that in this scenario "authentication details" need not mean the actual
data of interest - it may be a time-limited key that you can then use to
look up the data, perhaps in a shared database or by issuing a webservice
call.

This is a very simplified version of what things like Kerberos and
Shibboleth do, and if it's all you need it will probably take weeks less to
do than setting up something like Shibboleth.

Jaime

> -----Original Message-----
> From: Jessica Kennedy 
> [mailto:police_kidnapped_your_child...@yahoo.com] 
> Sent: Wednesday, 31 December 2008 9:13 AM
> To: cf-talk
> Subject: sharing vars between applications
> 
> Posted this last week... no response, I am still not any 
> further... any help would be greatly appreciated!
> 
> OK, I have a member area on my site that is unencrypted.
> There are a couple of pages that need to be encrypted as they
> deal with passing credit card info to our cc processor.  I'm
> using crystaltech, so our site has a mirrored site on their
> shared SSL domain.  I thought it would be fairly easy to pass
> some session vars to the mirrored site and keep the user
> logged in, but that is clearly not working; I am assuming
> because the cfid & token are the same it is kicking me out of
> the system on the mirrored site.  Does anyone have
> suggestions for how I can accomplish this without moving my
> entire member area to ssl?
> 
> 
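
An added sketch of the backchannel handoff described in the reply above; it is not code from the thread, and it is written in Python rather than CFML to show the logic only. The IP address, token lifetime and all names are assumptions made for the example.

```python
import secrets
import time

BACKCHANNEL_IP = "203.0.113.10"  # constructed: the member site's server address
TOKEN_TTL = 60                   # assumed lifetime in seconds


def issue_token():
    """Member site: random key that carries no user data itself."""
    return secrets.token_urlsafe(32)


class HandoffStore:
    """Secure site: logins announced over the backchannel, awaiting redemption."""

    def __init__(self, ttl=TOKEN_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self.pending = {}           # token -> (user_id, time announced)

    def notify(self, source_ip, token, user_id):
        """Backchannel call from the member site when somebody logs in."""
        if source_ip != BACKCHANNEL_IP:
            return False            # only the member server may announce logins
        now = self.clock()
        # Drop announcements nobody redeemed in time.
        self.pending = {t: v for t, v in self.pending.items()
                        if now - v[1] <= self.ttl}
        self.pending[token] = (user_id, now)
        return True

    def redeem(self, token):
        """Browser request: return the user id, or None to reject."""
        entry = self.pending.pop(token, None)   # pop makes the token single-use
        if entry is None:
            return None                         # no matching notification
        user_id, announced = entry
        if self.clock() - announced > self.ttl:
            return None                         # stale request
        return user_id


def demo():
    store = HandoffStore()
    token = issue_token()
    store.notify(BACKCHANNEL_IP, token, "member-42")   # server to server
    first = store.redeem(token)     # browser arrives with the token
    replay = store.redeem(token)    # same token presented again
    return first, replay
```

The browser only ever carries the random token; the user id travels server to server, and the secure site looks it up when the token is redeemed.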

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317282