You will need to redirect to the domain appending the CFID and CFTOKEN values to the URL. E.g. http://www.domain.com/?CFID=#CFID#&CFTOKEN=#CFTOKEN#
Darryl -----Original Message----- From: Joshua Miller [mailto:[EMAIL PROTECTED]] Posted At: Friday, 13 December 2002 8:37 AM Posted To: CFTalk Conversation: Session Variables Across Domains Subject: Session Variables Across Domains Ok, I have a problem: 1. Users go to a specific domain to login: http://sample.somedomain.com/admin/ 2. Users fill out a user/pass form and are taken to: https://secure.somedomain.com where they are authenticated against a database and have some session variables set (username, userID, logintime, etc.) 3. Users are then sent back to: http://sample.somedomain.com/admin/select.cfm to select what function they want to perform and use the application. Here's my problem, the SESSION variables are set under the https://secure.somedomain.com domain and aren't available on the http://sample.somedomain.com/admin/select.cfm page so they're redirected back to the login page to fill out the form again. Now, both the secure and non-secure sites are using the same application name set in their respective Application.cfm templates. Both secure and non-secure locations are actually under the same directory, although the secure.somedomain.com domain is actually a seperate site in IIS while the sample.somedomain.com address is just a host header pointing to the somedomain.com site. I differentiate what content the user sees based on the domain name - what host header they're using tells me what domainID to set. \Websites \somedomain \secure (SSL Enabled) \admin (Login form is in here) Is it not possible to use the same session variables across these domains? Perhaps I'm not understanding the Application Name - I thought that's what determined the SESSION variable ownership across page requests based on the CFID/CFTOKEN. Does every Domain get a CFID/CFTOKEN and SESSION variables or does every Application get a CFID/CFTOKEN and it's own SESSION variables? The only time that I need to use the secure location is when sending the login information, is there another way to accomplish this? Should I just use cookies until the user is logged in and then set the session variables? Any help/input appreciated. Thanks, Joshua Miller Head Programmer / IT Manager Garrison Enterprises Inc. www.garrisonenterprises.net <http://www.garrisonenterprises.net/> [EMAIL PROTECTED] (704) 569-9044 ext. 254 ************************************************************************ ************* Any views expressed in this message are those of the individual sender, except where the sender states them to be the views of Garrison Enterprises Inc. This e-mail is intended only for the individual or entity to which it is addressed and contains information that is private and confidential. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying is strictly prohibited. If you have received this e-mail in error please delete it immediately and advise us by return e-mail to <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] ************************************************************************ ************* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
