Interesting challenge. My understanding is this... CF uses the CFID cookie which contains an index to your session variables on the server. For security, a second cookie CFTOKEN contains an encrypted value that validates the value of CFID.
ASP uses a similar scheme, using a cookie ASPSESSIONID (?) which contains an encrypted value of an index which points to your session variables in the server memory. Now, as a user moves between a CF page and an ASP page, both applications can access all the cookies (CFID, CFTOKEN, ASPSESSIONID), provided that the pages are in the same domain. THe basic problem is that CF server cannot decrypt ASPSESSIONID and the ASP server cannot decrypt CFTOKEN. Even if they can decrypt the cookie and obtain the index value, they cannot access the session variables which are locked inside each application server's memory space. Maybe you can do something like this: When the user authenticates at the ASP site, the ASP cookie is created as usual, then submit a hidden form containing the user id and password to autologon.cfm. In autologon.cfm, you authenticate the user against the database, and if successful, write the CF session variables, which creates the CFID/CFTOKEN cookies. In the response page returned by autologon.cfm, you can redirect back to your "Welcome" ASP page, so the process is fairly transparent to the user. Now you have both sets of cookies created and the user can freely link between ASP and CF pages as an authenticated user. A reminder, for auto-redirection between pages, use javascript location.href. Avoid CFLOCATION because cookies don't get written into the browser with a CFLOCATION. -- Regards: Ayudh +--------------------------------------------------------------+ | Turn on your Revenue Stream... | | Bolt on a Virtual Cash Register to your e-commerce site now. | | VeriPay from Xilo Online: http://www.xilo.com | +--------------------------------------------------------------+ Ryan Sabir wrote: > > Greetings folks, > > I have a client who is interested in integrating some Cold Fusion components > we have written into an ASP site they are writing. > > This site involves a user login that they will be implementing in ASP. Does > anyone have any ideas on how I could get this login information over to Cold > Fusion? > > I imagine if they are manually setting a session cookie it should be pretty > easy to pull the user id out using CFCOOKIE, but what if they are using the > ASP equivalent of a 'session'. Does anyone know the inner workings of this? > > Both parts of the site will be querying the same MS-SQL database. > > Thanks... > > ----------------------- > Ryan Sabir > Newgency Pty Ltd > 2a Broughton St > Paddington 2021 > Sydney, Australia > Ph (02) 9331 2133 > Fax (02) 9331 5199 > Mobile: 0411 512 454 > http://www.newgency.com/index.cfm?referer=rysig > ' > ' > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] > To unsubscribe send a blank email to [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
