ColdFusion wrote:
>I thought the session variables are applied to the application 
>Which is mapped to the url of http://www.mysite.com
>
>Since https is a different protocol, I did not think you could in theory
>share those variables.

No, that's not correct.  The session variables are mapped to an application which 
has a specific name, where that name is set with a cfapplication tag, typically 
in /Application.cfm.  This is a server side operation.  The protocol you use to 
reach the domain is client side and doesn't have anything to do with the 
picture with respect to the application, its identity, the session vars 
belonging to users within it etc.

It's the domain you have to match up to.  If you look at the client side cookie 
file (which contains the CFID and CFTOKEN that CF uses to maintain state) it's 
named 'www.domain.com' or 'domain.com' and contains nothing inside to indicate 
any sort of specific protocol.  You get one cookie file per domain.  Cross 
domains and you get a different CFID and CFTOKEN.

So by telling CF what the desired CFID and CFTOKEN is when the user crosses 
into secureland (via the query string; and you only need to do it once) either 
CF will match up the other scopes (client, cookie, session) for you or you need 
to do it yourself -- I forget which at the moment to be honest.  If CF doesn't 
do it then something like this in /Application.cfm would be in order:

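<cfscript>
// Adopt the CFID/CFTOKEN passed on the query string when they differ
// from the ones CF currently has for this client.
if (isdefined("url.CFID") and isdefined("url.CFTOKEN")) {
         // CompareNoCase returns non-zero when the two values differ
         if (CompareNoCase(client.CFID,url.CFID)) {
                 client.CFID=url.CFID;
                 client.CFTOKEN=url.CFTOKEN;
                 cookie.CFID=url.CFID;
                 cookie.CFTOKEN=url.CFTOKEN;
         }
}
</cfscript>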

I pulled the above from some old code.  Again it may not even be necessary.

Where cf_coder is probably running into trouble is there is probably an 
Application.cfm in the mix somewhere on the secure side that is controlling the 
show and contradicting what s/he wants to do.  If you can't even dump the 
session scope, then I would take that to mean there is a cfapplication tag 
somewhere that is denying session management.  As a general rule, both client 
and session management must be enabled unless you want to do a lot of extra 
work, which I bet you don't.

1. Find that tag.  Search for the string "cfapplication" throughout the code 
and that will bring up all potential sources of trouble.

2. Correct the discrepancy in cfapplication settings.

3. Make sure the affected cfapplication statements have the same application 
name.  Without that you will have separate sessions no matter what other hoops 
you jump thru.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242319
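
The three steps above as a small Python audit, added here as an example and not part of the original post: it finds every cfapplication tag, then reports differing application names and disabled session or client management. The file contents are constructed samples, the function names are hypothetical, and an omitted attribute is assumed to take the cfapplication default of "no".

```python
import re

# Constructed sample: path -> file contents (not from the original thread).
SAMPLE_FILES = {
    "/Application.cfm":
        '<cfapplication name="store" sessionmanagement="yes" clientmanagement="yes">',
    "/secure/Application.cfm":
        '<CFAPPLICATION NAME="store_secure" clientmanagement="Yes">',
    "/secure/checkout.cfm":
        '<cfoutput>#session.cartid#</cfoutput>',
}

TAG_RE = re.compile(r"<cfapplication\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
TRUTHY = {"yes", "true", "1"}


def find_cfapplication(files):
    """Step 1: return one record per cfapplication tag found."""
    found = []
    for path, text in sorted(files.items()):
        for tag in TAG_RE.finditer(text):
            attrs = {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
                     for m in ATTR_RE.finditer(tag.group(1))}
            found.append({
                "path": path,
                "name": attrs.get("name", ""),
                # Assumption: an omitted attribute means "no" (cfapplication default).
                "session": attrs.get("sessionmanagement", "no").lower() in TRUTHY,
                "client": attrs.get("clientmanagement", "no").lower() in TRUTHY,
            })
    return found


def audit(files):
    """Steps 2 and 3: list settings that would split or disable the session."""
    tags = find_cfapplication(files)
    problems = []
    names = {t["name"] for t in tags}
    if len(names) > 1:
        problems.append("application names differ: " + ", ".join(sorted(names)))
    for t in tags:
        for key in ("session", "client"):
            if not t[key]:
                problems.append(f"{t['path']}: {key}management is off")
    return problems


if __name__ == "__main__":
    for line in audit(SAMPLE_FILES):
        print(line)
```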