Thanks Costas and Jochem. Costas, the issue isn't how to manage the coldfusion session, because I can do that easily I a number of ways. The issue is that the user gets validated in the .aspx part of the site. I have to be able to know whether he's entitled to see the cfm page he's looking for, and after he's done that, make sure he's still validated for the .aspx part of the site when he leaves my cfm page to go to another area in the site. In other words we want them to be able to move back and forth between the .aspx and .cfm parts of the site without having to log in all the time. One log in has to be enough. To add to the complexity of it, we have a variety of levels of membership. People can belong to parts of the site but not others, or they can buy articles on a pay-per-view basis, or buy one particular article for 24 hours only. Or any other clever way the marketing people might think up in the future.
And it's CF5, so using CFLOGIN automatically's not an option, but I can see that it should work hand-coding the tags though, Jochem. Thanks for your help, and I'm eager to hear any other suggestions people might have. Cheers, Michael Kear Windsor, NSW, Australia AFP Webworks. -----Original Message----- From: Costas Piliotis [mailto:[EMAIL PROTECTED] Sent: Tuesday, 24 June 2003 5:34 AM To: CF-Talk Subject: RE: Passing session from .aspx to .cfm and back Sorry to jump into this thread a bit late, but why not use client variables in cfmx, store them in a database, and write a .net object or function or whatever that parses those variables out into asp.not variables... And write another one to pass them back... Just use cdata / cglobal tables. And then when you transfer the session back to cf, add the cfid / cftoken attributes and the session will continue on I recon... Anyone want to correct me on this? -----Original Message----- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 12:26 PM To: CF-Talk Subject: Re: Passing session from .aspx to .cfm and back Mike Kear wrote: > Sorry if I'm asking really basic questions here, but I'm dealing with > a programmer who is on sabbatical in Poland, and is doing the work in > his spare time there, (so I can't talk to him on the phone) and he > loves to blind people with jargon. So he'll give me gobbledegook and > I'll have to decipher it. He wont change anything on his side of the > site, I'll have to do all the adjusting to fit what he's doing. > That's how it is. > > Anyway ... are "Basic Authentication" and "Digest Authentication" the > terms the .aspx programmer will know it by? He should know the terms, they are straight from the RFC on HTTP authentication (2617). > And to hand back to the .aspx site a user who's still showing as > authenticated, all I have to do is use <cfheader to include whatever headers > were included with the .aspx page that the user came over with. Is that > right? The idea is that after being initially challenged the browser will automatically include credentials with every request to documents on the same level or lower in the directory structure of the site. If you use Digest authentication, you can even designate other sites (by name) that should be authenticated with the same credentials. So you don't start a session on both the .aspx and the .cfm side when the user logs in, you just start it on one side. And whenever the user hits a page in the other language, credentials are included so you can start a session on that moment. cflogin can work automatically with HTTP authentication. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
