The way to share session information across disparate application servers is not to use any of the application servers' built-in session management. Roll your own! One popular method is to use something like WDDX to serialize session information and then store it in a central store of some kind like a database or file system. Then any application server can read the WDDX and deserialize the session back into memory.
Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ V: 415-577-8070 F: 415-341-8906 P: [EMAIL PROTECTED] > -----Original Message----- > From: Michael Kear [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 6:48 PM > To: CF-Talk > Subject: RE: Using session vars created by .asp shop .. possible? > > Isaac's answer kind of helps, but kind of doesn't. The problem I'm > trying > to get around is the very users he's referring to ... the ones who are > paranoid (and this client attracts them like flies to a barbecue) and have > personal firewalls that prevent the variable cgi.http-referer being > passed. > (It's this variable that I've relied on up till now but the growth of > personal firewalls has made it a problem we have to deal with now) > > So any solution is going to have to deal with these people. They log > into > the shop, pay their money or give their passwords to validate their > subscription status. Then they go to an article in the site. The article > can be a free article (no problems there) or pay-per-view or members only > or > only for a particular class of members. Up till now, I've worked on the > assumption that if they have access to the article that is sending them to > my ColdFusion app, then they can have access to my app. So I just > checked > the page they're coming from and if it's the correct article, I let them > in, > if it's not the correct article, I send them to the article head page to > start there, and let the .asp shop take care of the access control. > > However there are all these people who are using firewalls and not letting > their browsers pass cgi.http_referer and therefore the CF app is assuming > they aren't coming from the right place and kicks them back to the start > of > the story. This is a problem if the user has just finished paying for a > 24hour view of the article. > > Has anyone actually done it - pick up session vars created by an .asp > application? I get the impression that the answers I'm reading are not > based on experience but on theory. > > Cheers, > Mike Kear > Windsor, NSW, Australia > AFP WebWorks > > > -----Original Message----- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 17 July 2002 4:54 AM > To: CF-Talk > Subject: Re: Using session vars created by .asp shop .. possible? > > Hi Mike, There's no way for ASP and CF to see or use each-other's > persisten > variables ( request, application, etc. ) natively... In order to make the > transition, you'll have to add something to the login script for the ASP > shop that will as an example, post login info to a CF page in a hidden > frame > in order to set session variables in CF ... the problem then becomes that > the CF session variables will timeout if the user is wandering around the > ASP shop and not hitting any CF pages for a while... > > There are a number of things you can try to work around this problem, > including the use of cookies ( assuming both the ASP and the CF share a > domain name you should be able to set and retrieve cookies from the > browser > without having to care whether the current page is ASP or CF ) and the use > of database to store session info ( slower, more complicated, need to pay > special attention to security -- possibly more reliable for paranoid users > who tend to block all cookies or who are on networks with paranoid admins > who block all cookies through the firewall). > > Isaac Dealey > www.turnkey.to > 954-776-0046 > > > One of my clients has a shop built in .asp which amongst other > > things grants access to parts of the site based on their payments > > or subscription status. I want to grant or deny access to my > > coldfusion apps based on the same information. > > > > Has anyone ever picked up session vars created by .asp and used > > them in cf apps? I'm talking about validating a user based on > > his shopper id created in asp. Is this as easy for me to use > > as it is in cf generated session vars? > > > > (written as a real .asp beginner here) > > > > ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists