Ok, I have access to the database - the coldfusion is on the same system and domain as the .asp shop and the rest of the site. So I can look up the database and see if the user has access or has membership or has paid his fees, just as the article prior to it does. The question is, how do I identify this user without requiring him to log in again. He's just logged in a few minutes earlier to get to the article he's following, now on page 9 or 10 of the article, there's a coldfusion page that calculates some stuff for him and we can't ask him to log in again.
We don't really like using cookies, because the users we have here are paranoid people. They have cookies turned off. The ones who aren't paranoid are working the site fine and its not a problem. It's the paranoid ones we're trying to cater for. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -----Original Message----- From: Matt Liotta [mailto:[EMAIL PROTECTED]] Sent: Thursday, 18 July 2002 12:06 PM To: CF-Talk Subject: RE: Using session vars created by .asp shop .. possible? The way to share session information across disparate application servers is not to use any of the application servers' built-in session management. Roll your own! One popular method is to use something like WDDX to serialize session information and then store it in a central store of some kind like a database or file system. Then any application server can read the WDDX and deserialize the session back into memory. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ V: 415-577-8070 F: 415-341-8906 P: [EMAIL PROTECTED] > -----Original Message----- > From: Michael Kear [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 6:48 PM > To: CF-Talk > Subject: RE: Using session vars created by .asp shop .. possible? > > Isaac's answer kind of helps, but kind of doesn't. The problem I'm > trying > to get around is the very users he's referring to ... the ones who are > paranoid (and this client attracts them like flies to a barbecue) and have > personal firewalls that prevent the variable cgi.http-referer being > passed. > (It's this variable that I've relied on up till now but the growth of > personal firewalls has made it a problem we have to deal with now) > > So any solution is going to have to deal with these people. They log > into > the shop, pay their money or give their passwords to validate their > subscription status. Then they go to an article in the site. The article > can be a free article (no problems there) or pay-per-view or members only > or > only for a particular class of members. Up till now, I've worked on the > assumption that if they have access to the article that is sending them to > my ColdFusion app, then they can have access to my app. So I just > checked > the page they're coming from and if it's the correct article, I let them > in, > if it's not the correct article, I send them to the article head page to > start there, and let the .asp shop take care of the access control. > > However there are all these people who are using firewalls and not letting > their browsers pass cgi.http_referer and therefore the CF app is assuming > they aren't coming from the right place and kicks them back to the start > of > the story. This is a problem if the user has just finished paying for a > 24hour view of the article. > > Has anyone actually done it - pick up session vars created by an .asp > application? I get the impression that the answers I'm reading are not > based on experience but on theory. > > Cheers, > Mike Kear > Windsor, NSW, Australia > AFP WebWorks > > > -----Original Message----- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 17 July 2002 4:54 AM > To: CF-Talk > Subject: Re: Using session vars created by .asp shop .. possible? > > Hi Mike, There's no way for ASP and CF to see or use each-other's > persisten > variables ( request, application, etc. ) natively... In order to make the > transition, you'll have to add something to the login script for the ASP > shop that will as an example, post login info to a CF page in a hidden > frame > in order to set session variables in CF ... the problem then becomes that > the CF session variables will timeout if the user is wandering around the > ASP shop and not hitting any CF pages for a while... > > There are a number of things you can try to work around this problem, > including the use of cookies ( assuming both the ASP and the CF share a > domain name you should be able to set and retrieve cookies from the > browser > without having to care whether the current page is ASP or CF ) and the use > of database to store session info ( slower, more complicated, need to pay > special attention to security -- possibly more reliable for paranoid users > who tend to block all cookies or who are on networks with paranoid admins > who block all cookies through the firewall). > > Isaac Dealey > www.turnkey.to > 954-776-0046 > > > One of my clients has a shop built in .asp which amongst other > > things grants access to parts of the site based on their payments > > or subscription status. I want to grant or deny access to my > > coldfusion apps based on the same information. > > > > Has anyone ever picked up session vars created by .asp and used > > them in cf apps? I'm talking about validating a user based on > > his shopper id created in asp. Is this as easy for me to use > > as it is in cf generated session vars? > > > > (written as a real .asp beginner here) > > > > ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
