RE: Passing session from .aspx to .cfm and back
Thanks Costas and Jochem. Costas, the issue isn't how to manage the coldfusion session, because I can do that easily I a number of ways. The issue is that the user gets validated in the .aspx part of the site. I have to be able to know whether he's entitled to see the cfm page he's looking for, and after he's done that, make sure he's still validated for the .aspx part of the site when he leaves my cfm page to go to another area in the site. In other words we want them to be able to move back and forth between the .aspx and .cfm parts of the site without having to log in all the time. One log in has to be enough. To add to the complexity of it, we have a variety of levels of membership. People can belong to parts of the site but not others, or they can buy articles on a pay-per-view basis, or buy one particular article for 24 hours only. Or any other clever way the marketing people might think up in the future. And it's CF5, so using CFLOGIN automatically's not an option, but I can see that it should work hand-coding the tags though, Jochem. Thanks for your help, and I'm eager to hear any other suggestions people might have. Cheers, Michael Kear Windsor, NSW, Australia AFP Webworks. -Original Message- From: Costas Piliotis [mailto:[EMAIL PROTECTED] Sent: Tuesday, 24 June 2003 5:34 AM To: CF-Talk Subject: RE: Passing session from .aspx to .cfm and back Sorry to jump into this thread a bit late, but why not use client variables in cfmx, store them in a database, and write a .net object or function or whatever that parses those variables out into asp.not variables... And write another one to pass them back... Just use cdata / cglobal tables. And then when you transfer the session back to cf, add the cfid / cftoken attributes and the session will continue on I recon... Anyone want to correct me on this? -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 12:26 PM To: CF-Talk Subject: Re: Passing session from .aspx to .cfm and back Mike Kear wrote: > Sorry if I'm asking really basic questions here, but I'm dealing with > a programmer who is on sabbatical in Poland, and is doing the work in > his spare time there, (so I can't talk to him on the phone) and he > loves to blind people with jargon. So he'll give me gobbledegook and > I'll have to decipher it. He wont change anything on his side of the > site, I'll have to do all the adjusting to fit what he's doing. > That's how it is. > > Anyway ... are "Basic Authentication" and "Digest Authentication" the > terms the .aspx programmer will know it by? He should know the terms, they are straight from the RFC on HTTP authentication (2617). > And to hand back to the .aspx site a user who's still showing as > authenticated, all I have to do is use were included with the .aspx page that the user came over with. Is that > right? The idea is that after being initially challenged the browser will automatically include credentials with every request to documents on the same level or lower in the directory structure of the site. If you use Digest authentication, you can even designate other sites (by name) that should be authenticated with the same credentials. So you don't start a session on both the .aspx and the .cfm side when the user logs in, you just start it on one side. And whenever the user hits a page in the other language, credentials are included so you can start a session on that moment. cflogin can work automatically with HTTP authentication. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Passing session from .aspx to .cfm and back
Sorry to jump into this thread a bit late, but why not use client variables in cfmx, store them in a database, and write a .net object or function or whatever that parses those variables out into asp.not variables... And write another one to pass them back... Just use cdata / cglobal tables. And then when you transfer the session back to cf, add the cfid / cftoken attributes and the session will continue on I recon... Anyone want to correct me on this? -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 12:26 PM To: CF-Talk Subject: Re: Passing session from .aspx to .cfm and back Mike Kear wrote: > Sorry if I'm asking really basic questions here, but I'm dealing with > a programmer who is on sabbatical in Poland, and is doing the work in > his spare time there, (so I can't talk to him on the phone) and he > loves to blind people with jargon. So he'll give me gobbledegook and > I'll have to decipher it. He wont change anything on his side of the > site, I'll have to do all the adjusting to fit what he's doing. > That's how it is. > > Anyway ... are "Basic Authentication" and "Digest Authentication" the > terms the .aspx programmer will know it by? He should know the terms, they are straight from the RFC on HTTP authentication (2617). > And to hand back to the .aspx site a user who's still showing as > authenticated, all I have to do is use were included with the .aspx page that the user came over with. Is that > right? The idea is that after being initially challenged the browser will automatically include credentials with every request to documents on the same level or lower in the directory structure of the site. If you use Digest authentication, you can even designate other sites (by name) that should be authenticated with the same credentials. So you don't start a session on both the .aspx and the .cfm side when the user logs in, you just start it on one side. And whenever the user hits a page in the other language, credentials are included so you can start a session on that moment. cflogin can work automatically with HTTP authentication. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Passing session from .aspx to .cfm and back
Mike Kear wrote: > Sorry if I'm asking really basic questions here, but I'm dealing with a > programmer who is on sabbatical in Poland, and is doing the work in his > spare time there, (so I can't talk to him on the phone) and he loves to > blind people with jargon. So he'll give me gobbledegook and I'll have to > decipher it. He wont change anything on his side of the site, I'll have to > do all the adjusting to fit what he's doing. That's how it is. > > Anyway ... are "Basic Authentication" and "Digest Authentication" the > terms the .aspx programmer will know it by? He should know the terms, they are straight from the RFC on HTTP authentication (2617). > And to hand back to the .aspx site a user who's still showing as > authenticated, all I have to do is use were included with the .aspx page that the user came over with. Is that > right? The idea is that after being initially challenged the browser will automatically include credentials with every request to documents on the same level or lower in the directory structure of the site. If you use Digest authentication, you can even designate other sites (by name) that should be authenticated with the same credentials. So you don't start a session on both the .aspx and the .cfm side when the user logs in, you just start it on one side. And whenever the user hits a page in the other language, credentials are included so you can start a session on that moment. cflogin can work automatically with HTTP authentication. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Passing session from .aspx to .cfm and back
Sorry if I'm asking really basic questions here, but I'm dealing with a programmer who is on sabbatical in Poland, and is doing the work in his spare time there, (so I can't talk to him on the phone) and he loves to blind people with jargon. So he'll give me gobbledegook and I'll have to decipher it. He wont change anything on his side of the site, I'll have to do all the adjusting to fit what he's doing. That's how it is. Anyway ... are "Basic Authentication" and "Digest Authentication" the terms the .aspx programmer will know it by? And to hand back to the .aspx site a user who's still showing as authenticated, all I have to do is use mailto:[EMAIL PROTECTED] Sent: Monday, 23 June 2003 9:46 PM To: CF-Talk Subject: Re: Passing session from .aspx to .cfm and back Mike Kear wrote: > What will be in the header if they are authenticated? Depends. If you do Basic Authentication there will be a header named "Authorization" and the value will be the Base64 encrypted "username:password" string. If you do Digest Authentication, it will be a comma separated list of variable=value pairs, that have a hashed version of the password (amongst other things). Check RFC 2617. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Passing session from .aspx to .cfm and back
Mike Kear wrote: > What will be in the header if they are authenticated? Depends. If you do Basic Authentication there will be a header named "Authorization" and the value will be the Base64 encrypted "username:password" string. If you do Digest Authentication, it will be a comma separated list of variable=value pairs, that have a hashed version of the password (amongst other things). Check RFC 2617. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Passing session from .aspx to .cfm and back
What will be in the header if they are authenticated? Cheers, Michael Kear Windsor, NSW, Australia AFP Webworks. -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Monday, 23 June 2003 9:26 PM To: CF-Talk Subject: Re: Passing session from .aspx to .cfm and back Mike Kear wrote: > > Up till now, when they log in on the .asp area, the action page there passes > them to a .cfm template where we create a cold fusion session, then pass > them back to the .asp page they were originally looking for. Then when they > eventually come to a .cfm page they're already logged in. > > With the change to .aspx, (and I don't know diddley about .aspx!) is there > an easier and/or more reliable way to handle this login status? How about using HTTP authentication? The headers are sent on every request, so there is no need for complex redirecting. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Passing session from .aspx to .cfm and back
Mike Kear wrote: > > Up till now, when they log in on the .asp area, the action page there passes > them to a .cfm template where we create a cold fusion session, then pass > them back to the .asp page they were originally looking for. Then when they > eventually come to a .cfm page they're already logged in. > > With the change to .aspx, (and I don't know diddley about .aspx!) is there > an easier and/or more reliable way to handle this login status? How about using HTTP authentication? The headers are sent on every request, so there is no need for complex redirecting. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
