Isaac's answer kind of helps, but kind of doesn't. The problem I'm trying to get around is the very users he's referring to ... the ones who are paranoid (and this client attracts them like flies to a barbecue) and have personal firewalls that prevent the variable cgi.http-referer being passed. (It's this variable that I've relied on up till now but the growth of personal firewalls has made it a problem we have to deal with now)
So any solution is going to have to deal with these people. They log into the shop, pay their money or give their passwords to validate their subscription status. Then they go to an article in the site. The article can be a free article (no problems there) or pay-per-view or members only or only for a particular class of members. Up till now, I've worked on the assumption that if they have access to the article that is sending them to my ColdFusion app, then they can have access to my app. So I just checked the page they're coming from and if it's the correct article, I let them in, if it's not the correct article, I send them to the article head page to start there, and let the .asp shop take care of the access control. However there are all these people who are using firewalls and not letting their browsers pass cgi.http_referer and therefore the CF app is assuming they aren't coming from the right place and kicks them back to the start of the story. This is a problem if the user has just finished paying for a 24hour view of the article. Has anyone actually done it - pick up session vars created by an .asp application? I get the impression that the answers I'm reading are not based on experience but on theory. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -----Original Message----- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 4:54 AM To: CF-Talk Subject: Re: Using session vars created by .asp shop .. possible? Hi Mike, There's no way for ASP and CF to see or use each-other's persisten variables ( request, application, etc. ) natively... In order to make the transition, you'll have to add something to the login script for the ASP shop that will as an example, post login info to a CF page in a hidden frame in order to set session variables in CF ... the problem then becomes that the CF session variables will timeout if the user is wandering around the ASP shop and not hitting any CF pages for a while... There are a number of things you can try to work around this problem, including the use of cookies ( assuming both the ASP and the CF share a domain name you should be able to set and retrieve cookies from the browser without having to care whether the current page is ASP or CF ) and the use of database to store session info ( slower, more complicated, need to pay special attention to security -- possibly more reliable for paranoid users who tend to block all cookies or who are on networks with paranoid admins who block all cookies through the firewall). Isaac Dealey www.turnkey.to 954-776-0046 > One of my clients has a shop built in .asp which amongst other > things grants access to parts of the site based on their payments > or subscription status. I want to grant or deny access to my > coldfusion apps based on the same information. > > Has anyone ever picked up session vars created by .asp and used > them in cf apps? I'm talking about validating a user based on > his shopper id created in asp. Is this as easy for me to use > as it is in cf generated session vars? > > (written as a real .asp beginner here) ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists