RE: Using session vars created by .asp shop .. possible?
Just to note, I was speaking from experience. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ V: 415-577-8070 F: 415-341-8906 P: [EMAIL PROTECTED] > -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 8:23 PM > To: CF-Talk > Subject: RE: Using session vars created by .asp shop .. possible? > > > Has anyone actually done it - pick up session vars > > created by an .asp application?I get the impression > > that the answers I'm reading are not based on > > experience but on theory. > > You're probably mostly right... I know that I haven't had to do this in > the > past and I don't expect to any time soon... Most sites are built on a > single > application server if any, so most developers never have to deal with this > particular problem personally... But then your problem is compounded by > that > whole paranoia thing which is one of the unfortunate truths about the > myths > about the internet that makes our jobs ( all our jobs ) more difficult... > The lack of an http_referrer or any other cookie or variable however > innocuous could be a big problem for any developer, regardless of their > server platform or how many types of servers they are using. And it all > stems from that basic human fear of the unknown ( the internet ) and > people > being missinformed and thinking that somehow having an identifying mark on > their computer that allows the server to maintain a session on a given > website will somehow also allow the webmaster to follow their online > activities and eventually get access to all their credit card numbers, > their > social security info ( I know you're in AU, it's a dif. system there ), > medical history, shopping habbits and hidden-camera photos of them in the > toilet. > > > > The long and the short of it is that it's a tough problem for many of us. > We > may not be able to provide much more than theory, and in the end, none of > our solutions may be particularly good at dealing with this problem. > > We do what we can tho. :) > > Isaac > > www.turnkey.to > 954-776-0046 > > __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Using session vars created by .asp shop .. possible?
Isaac, it was no criticism at all of you or anyone else here, so please don't take it that way. The client is a consumer rights organization, and they attract the people who are worried about being tracked and followed. The organization is a leading activist in privacy issues. 98% of the users are no problem, because they don't have their personal firewalls set to super-paranoia level. It's no good me attempting to tell the client that the other 2% can be disregarded, the way we did with the Netscape1.0 and IE1.0 users so we can use CSS. It happens that half the board members of the client have their personal firewalls set to stun so they can't get access to parts of their own site! Tell a board member that he doesn't count why don'tcha! I'm going to have a more in-depth look at how the .asp actually tracks and validates the users. Maybe the approach might be to reproduce what it does in CF rather than try to pick up the .asp's client vars. Incidentally the reason we have both CF and .asp on the site is I inherited a site built in .asp with a considerable investment already spent, and convinced the client that CF was the way to go for the future. They continued with the work already done and we began building new apps in CF. Small fixes and tinkering has been done in .asp but new stuff has been done in CF. The two biggest components of the .asp are the content management system and the shop. Thanks for all your help friends. I'm still eager to hear if anyone has any bright ideas how I can do this, if you think I've overlooked something. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -Original Message- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] Sent: Thursday, 18 July 2002 1:23 PM To: CF-Talk Subject: RE: Using session vars created by .asp shop .. possible? > Has anyone actually done it - pick up session vars > created by an .asp application?I get the impression > that the answers I'm reading are not based on > experience but on theory. You're probably mostly right... I know that I haven't had to do this in the past and I don't expect to any time soon... Most sites are built on a single application server if any, so most developers never have to deal with this particular problem personally... But then your problem is compounded by that whole paranoia thing which is one of the unfortunate truths about the myths about the internet that makes our jobs ( all our jobs ) more difficult... The lack of an http_referrer or any other cookie or variable however innocuous could be a big problem for any developer, regardless of their server platform or how many types of servers they are using. And it all stems from that basic human fear of the unknown ( the internet ) and people being missinformed and thinking that somehow having an identifying mark on their computer that allows the server to maintain a session on a given website will somehow also allow the webmaster to follow their online activities and eventually get access to all their credit card numbers, their social security info ( I know you're in AU, it's a dif. system there ), medical history, shopping habbits and hidden-camera photos of them in the toilet. The long and the short of it is that it's a tough problem for many of us. We may not be able to provide much more than theory, and in the end, none of our solutions may be particularly good at dealing with this problem. We do what we can tho. :) Isaac www.turnkey.to 954-776-0046 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Using session vars created by .asp shop .. possible?
> Has anyone actually done it - pick up session vars > created by an .asp application?I get the impression > that the answers I'm reading are not based on > experience but on theory. You're probably mostly right... I know that I haven't had to do this in the past and I don't expect to any time soon... Most sites are built on a single application server if any, so most developers never have to deal with this particular problem personally... But then your problem is compounded by that whole paranoia thing which is one of the unfortunate truths about the myths about the internet that makes our jobs ( all our jobs ) more difficult... The lack of an http_referrer or any other cookie or variable however innocuous could be a big problem for any developer, regardless of their server platform or how many types of servers they are using. And it all stems from that basic human fear of the unknown ( the internet ) and people being missinformed and thinking that somehow having an identifying mark on their computer that allows the server to maintain a session on a given website will somehow also allow the webmaster to follow their online activities and eventually get access to all their credit card numbers, their social security info ( I know you're in AU, it's a dif. system there ), medical history, shopping habbits and hidden-camera photos of them in the toilet. The long and the short of it is that it's a tough problem for many of us. We may not be able to provide much more than theory, and in the end, none of our solutions may be particularly good at dealing with this problem. We do what we can tho. :) Isaac www.turnkey.to 954-776-0046 __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Using session vars created by .asp shop .. possible?
So how does ASP track sessions - if not with cookies or url variables? As far as I can see your choices are URL variables, cookie variables, or form posting into thec cf application. -Original Message- From: Michael Kear [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:24 PM To: CF-Talk Subject: RE: Using session vars created by .asp shop .. possible? Ok, I have access to the database - the coldfusion is on the same system and domain as the .asp shop and the rest of the site. So I can look up the database and see if the user has access or has membership or has paid his fees, just as the article prior to it does. The question is, how do I identify this user without requiring him to log in again. He's just logged in a few minutes earlier to get to the article he's following, now on page 9 or 10 of the article, there's a coldfusion page that calculates some stuff for him and we can't ask him to log in again. We don't really like using cookies, because the users we have here are paranoid people. They have cookies turned off.The ones who aren't paranoid are working the site fine and its not a problem. It's the paranoid ones we're trying to cater for. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED]] Sent: Thursday, 18 July 2002 12:06 PM To: CF-Talk Subject: RE: Using session vars created by .asp shop .. possible? The way to share session information across disparate application servers is not to use any of the application servers' built-in session management. Roll your own! One popular method is to use something like WDDX to serialize session information and then store it in a central store of some kind like a database or file system. Then any application server can read the WDDX and deserialize the session back into memory. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ V: 415-577-8070 F: 415-341-8906 P: [EMAIL PROTECTED] > -Original Message- > From: Michael Kear [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 6:48 PM > To: CF-Talk > Subject: RE: Using session vars created by .asp shop .. possible? > > Isaac's answer kind of helps, but kind of doesn't.The problem I'm > trying > to get around is the very users he's referring to ... the ones who are > paranoid (and this client attracts them like flies to a barbecue) and have > personal firewalls that prevent the variable cgi.http-referer being > passed. > (It's this variable that I've relied on up till now but the growth of > personal firewalls has made it a problem we have to deal with now) > > So any solution is going to have to deal with these people.They log > into > the shop, pay their money or give their passwords to validate their > subscription status. Then they go to an article in the site. The article > can be a free article (no problems there) or pay-per-view or members only > or > only for a particular class of members. Up till now, I've worked on the > assumption that if they have access to the article that is sending them to > my ColdFusion app, then they can have access to my app. So I just > checked > the page they're coming from and if it's the correct article, I let them > in, > if it's not the correct article, I send them to the article head page to > start there, and let the .asp shop take care of the access control. > > However there are all these people who are using firewalls and not letting > their browsers pass cgi.http_referer and therefore the CF app is assuming > they aren't coming from the right place and kicks them back to the start > of > the story. This is a problem if the user has just finished paying for a > 24hour view of the article. > > Has anyone actually done it - pick up session vars created by an .asp > application?I get the impression that the answers I'm reading are not > based on experience but on theory. > > Cheers, > Mike Kear > Windsor, NSW, Australia > AFP WebWorks > > > -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 17 July 2002 4:54 AM > To: CF-Talk > Subject: Re: Using session vars created by .asp shop .. possible? > > Hi Mike, There's no way for ASP and CF to see or use each-other's > persisten > variables ( request, application, etc. ) natively... In order to make the > transition, you'll have to add something to the login script for the ASP > shop that will as an example, post login info to a CF page in a hidden > frame > in order to set session variables in CF ... the problem then becomes that > the CF session variables will timeout if the user is wandering around
RE: Using session vars created by .asp shop .. possible?
Ok, I have access to the database - the coldfusion is on the same system and domain as the .asp shop and the rest of the site. So I can look up the database and see if the user has access or has membership or has paid his fees, just as the article prior to it does. The question is, how do I identify this user without requiring him to log in again. He's just logged in a few minutes earlier to get to the article he's following, now on page 9 or 10 of the article, there's a coldfusion page that calculates some stuff for him and we can't ask him to log in again. We don't really like using cookies, because the users we have here are paranoid people. They have cookies turned off.The ones who aren't paranoid are working the site fine and its not a problem. It's the paranoid ones we're trying to cater for. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED]] Sent: Thursday, 18 July 2002 12:06 PM To: CF-Talk Subject: RE: Using session vars created by .asp shop .. possible? The way to share session information across disparate application servers is not to use any of the application servers' built-in session management. Roll your own! One popular method is to use something like WDDX to serialize session information and then store it in a central store of some kind like a database or file system. Then any application server can read the WDDX and deserialize the session back into memory. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ V: 415-577-8070 F: 415-341-8906 P: [EMAIL PROTECTED] > -Original Message- > From: Michael Kear [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 6:48 PM > To: CF-Talk > Subject: RE: Using session vars created by .asp shop .. possible? > > Isaac's answer kind of helps, but kind of doesn't.The problem I'm > trying > to get around is the very users he's referring to ... the ones who are > paranoid (and this client attracts them like flies to a barbecue) and have > personal firewalls that prevent the variable cgi.http-referer being > passed. > (It's this variable that I've relied on up till now but the growth of > personal firewalls has made it a problem we have to deal with now) > > So any solution is going to have to deal with these people.They log > into > the shop, pay their money or give their passwords to validate their > subscription status. Then they go to an article in the site. The article > can be a free article (no problems there) or pay-per-view or members only > or > only for a particular class of members. Up till now, I've worked on the > assumption that if they have access to the article that is sending them to > my ColdFusion app, then they can have access to my app. So I just > checked > the page they're coming from and if it's the correct article, I let them > in, > if it's not the correct article, I send them to the article head page to > start there, and let the .asp shop take care of the access control. > > However there are all these people who are using firewalls and not letting > their browsers pass cgi.http_referer and therefore the CF app is assuming > they aren't coming from the right place and kicks them back to the start > of > the story. This is a problem if the user has just finished paying for a > 24hour view of the article. > > Has anyone actually done it - pick up session vars created by an .asp > application?I get the impression that the answers I'm reading are not > based on experience but on theory. > > Cheers, > Mike Kear > Windsor, NSW, Australia > AFP WebWorks > > > -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 17 July 2002 4:54 AM > To: CF-Talk > Subject: Re: Using session vars created by .asp shop .. possible? > > Hi Mike, There's no way for ASP and CF to see or use each-other's > persisten > variables ( request, application, etc. ) natively... In order to make the > transition, you'll have to add something to the login script for the ASP > shop that will as an example, post login info to a CF page in a hidden > frame > in order to set session variables in CF ... the problem then becomes that > the CF session variables will timeout if the user is wandering around the > ASP shop and not hitting any CF pages for a while... > > There are a number of things you can try to work around this problem, > including the use of cookies ( assuming both the ASP and the CF share a > domain name you should be able to set and retrieve cookies from the > browser > without having to care whether the current page is ASP or CF ) and
RE: Using session vars created by .asp shop .. possible?
The way to share session information across disparate application servers is not to use any of the application servers' built-in session management. Roll your own! One popular method is to use something like WDDX to serialize session information and then store it in a central store of some kind like a database or file system. Then any application server can read the WDDX and deserialize the session back into memory. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ V: 415-577-8070 F: 415-341-8906 P: [EMAIL PROTECTED] > -Original Message- > From: Michael Kear [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 6:48 PM > To: CF-Talk > Subject: RE: Using session vars created by .asp shop .. possible? > > Isaac's answer kind of helps, but kind of doesn't.The problem I'm > trying > to get around is the very users he's referring to ... the ones who are > paranoid (and this client attracts them like flies to a barbecue) and have > personal firewalls that prevent the variable cgi.http-referer being > passed. > (It's this variable that I've relied on up till now but the growth of > personal firewalls has made it a problem we have to deal with now) > > So any solution is going to have to deal with these people.They log > into > the shop, pay their money or give their passwords to validate their > subscription status. Then they go to an article in the site. The article > can be a free article (no problems there) or pay-per-view or members only > or > only for a particular class of members. Up till now, I've worked on the > assumption that if they have access to the article that is sending them to > my ColdFusion app, then they can have access to my app. So I just > checked > the page they're coming from and if it's the correct article, I let them > in, > if it's not the correct article, I send them to the article head page to > start there, and let the .asp shop take care of the access control. > > However there are all these people who are using firewalls and not letting > their browsers pass cgi.http_referer and therefore the CF app is assuming > they aren't coming from the right place and kicks them back to the start > of > the story. This is a problem if the user has just finished paying for a > 24hour view of the article. > > Has anyone actually done it - pick up session vars created by an .asp > application?I get the impression that the answers I'm reading are not > based on experience but on theory. > > Cheers, > Mike Kear > Windsor, NSW, Australia > AFP WebWorks > > > -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 17 July 2002 4:54 AM > To: CF-Talk > Subject: Re: Using session vars created by .asp shop .. possible? > > Hi Mike, There's no way for ASP and CF to see or use each-other's > persisten > variables ( request, application, etc. ) natively... In order to make the > transition, you'll have to add something to the login script for the ASP > shop that will as an example, post login info to a CF page in a hidden > frame > in order to set session variables in CF ... the problem then becomes that > the CF session variables will timeout if the user is wandering around the > ASP shop and not hitting any CF pages for a while... > > There are a number of things you can try to work around this problem, > including the use of cookies ( assuming both the ASP and the CF share a > domain name you should be able to set and retrieve cookies from the > browser > without having to care whether the current page is ASP or CF ) and the use > of database to store session info ( slower, more complicated, need to pay > special attention to security -- possibly more reliable for paranoid users > who tend to block all cookies or who are on networks with paranoid admins > who block all cookies through the firewall). > > Isaac Dealey > www.turnkey.to > 954-776-0046 > > > One of my clients has a shop built in .asp which amongst other > > things grants access to parts of the site based on their payments > > or subscription status. I want to grant or deny access to my > > coldfusion apps based on the same information. > > > > Has anyone ever picked up session vars created by .asp and used > > them in cf apps? I'm talking about validating a user based on > > his shopper id created in asp. Is this as easy for me to use > > as it is in cf generated session vars? > > > > (written as a real .asp beginner here) > > > > __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Using session vars created by .asp shop .. possible?
Isaac's answer kind of helps, but kind of doesn't.The problem I'm trying to get around is the very users he's referring to ... the ones who are paranoid (and this client attracts them like flies to a barbecue) and have personal firewalls that prevent the variable cgi.http-referer being passed. (It's this variable that I've relied on up till now but the growth of personal firewalls has made it a problem we have to deal with now) So any solution is going to have to deal with these people.They log into the shop, pay their money or give their passwords to validate their subscription status. Then they go to an article in the site. The article can be a free article (no problems there) or pay-per-view or members only or only for a particular class of members. Up till now, I've worked on the assumption that if they have access to the article that is sending them to my ColdFusion app, then they can have access to my app. So I just checked the page they're coming from and if it's the correct article, I let them in, if it's not the correct article, I send them to the article head page to start there, and let the .asp shop take care of the access control. However there are all these people who are using firewalls and not letting their browsers pass cgi.http_referer and therefore the CF app is assuming they aren't coming from the right place and kicks them back to the start of the story. This is a problem if the user has just finished paying for a 24hour view of the article. Has anyone actually done it - pick up session vars created by an .asp application?I get the impression that the answers I'm reading are not based on experience but on theory. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -Original Message- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 4:54 AM To: CF-Talk Subject: Re: Using session vars created by .asp shop .. possible? Hi Mike, There's no way for ASP and CF to see or use each-other's persisten variables ( request, application, etc. ) natively... In order to make the transition, you'll have to add something to the login script for the ASP shop that will as an example, post login info to a CF page in a hidden frame in order to set session variables in CF ... the problem then becomes that the CF session variables will timeout if the user is wandering around the ASP shop and not hitting any CF pages for a while... There are a number of things you can try to work around this problem, including the use of cookies ( assuming both the ASP and the CF share a domain name you should be able to set and retrieve cookies from the browser without having to care whether the current page is ASP or CF ) and the use of database to store session info ( slower, more complicated, need to pay special attention to security -- possibly more reliable for paranoid users who tend to block all cookies or who are on networks with paranoid admins who block all cookies through the firewall). Isaac Dealey www.turnkey.to 954-776-0046 > One of my clients has a shop built in .asp which amongst other > things grants access to parts of the site based on their payments > or subscription status. I want to grant or deny access to my > coldfusion apps based on the same information. > > Has anyone ever picked up session vars created by .asp and used > them in cf apps? I'm talking about validating a user based on > his shopper id created in asp. Is this as easy for me to use > as it is in cf generated session vars? > > (written as a real .asp beginner here) __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Using session vars created by .asp shop .. possible?
Hi Mike, There's no way for ASP and CF to see or use each-other's persisten variables ( request, application, etc. ) natively... In order to make the transition, you'll have to add something to the login script for the ASP shop that will as an example, post login info to a CF page in a hidden frame in order to set session variables in CF ... the problem then becomes that the CF session variables will timeout if the user is wandering around the ASP shop and not hitting any CF pages for a while... There are a number of things you can try to work around this problem, including the use of cookies ( assuming both the ASP and the CF share a domain name you should be able to set and retrieve cookies from the browser without having to care whether the current page is ASP or CF ) and the use of database to store session info ( slower, more complicated, need to pay special attention to security -- possibly more reliable for paranoid users who tend to block all cookies or who are on networks with paranoid admins who block all cookies through the firewall). Isaac Dealey www.turnkey.to 954-776-0046 > One of my clients has a shop built in .asp which amongst other > things grants access to parts of the site based on their payments > or subscription status. I want to grant or deny access to my > coldfusion apps based on the same information. > > Has anyone ever picked up session vars created by .asp and used > them in cf apps? I'm talking about validating a user based on > his shopper id created in asp. Is this as easy for me to use > as it is in cf generated session vars? > > (written as a real .asp beginner here) __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Using session vars created by .asp shop .. possible?
>From the same domain you can... you can read an asp session cookie which in turn.. you can use in your application to validate or what not. i belive this is true Joe Certified Advanced ColdFusion Developer [EMAIL PROTECTED] -Original Message- From: Michael Kear [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 2:33 PM To: CF-Talk Subject: Using session vars created by .asp shop .. possible? One of my clients has a shop built in .asp which amongst other things grants access to parts of the site based on their payments or subscription status. I want to grant or deny access to my coldfusion apps based on the same information. Has anyone ever picked up session vars created by .asp and used them in cf apps? I'm talking about validating a user based on his shopper id created in asp. Is this as easy for me to use as it is in cf generated session vars? (written as a real .asp beginner here) Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists