I am trying to use CFLogin to setup a secure area in a web site. The problem that I am having is that there is no login form ... the site uses an SSO provider for authentication, and I receive a few variables in the header stating who the user is after a successful login. This means that the SSO provider is set to authenticate the user when they make an http request of a specific file.
So, what I was attempting to do was determine if the current page needs the user to be authenticated. If so, redirect them to the page that is protected by the SSO provider, which stores the information it gets from the SOO provider in the session scope, and then returns the user to the page they came from. I can then use that information to log the user in, check their roles, etc. The problem I am having is that when the SSO page stores its information in the session scope, it then performs a redirect and that information is being lost. I have tried <cflocation with the addToken="yes", I have tried <cfheader redirects, <meta redirects, etc. and the session information is always lost. I have checked to make sure it is being set correctly before the redirect, but once the user is taken back to the original page, the session scope is empty. Anybody have any suggestions as to why I am loosing the session scope, or as to a better way to go about this? Thanks -- Jeff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/cf_lists/message.cfm/forumid:4/messageid:246569 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
