yes, i verified that they are passing CFID and CFTOKEN in URL parameters of the action page.
thanks sravan From: [email protected] To: [email protected] Subject: RE: [ACFUG Discuss] single sign-on issue CF 8 Date: Wed, 17 Jun 2009 21:33:03 -0400 Sravan, CF will only create a new cfid/cftoken if they are not passed into a request, whether via a cookie pair or on the URL (or in a form field, I suppose). Whatever that other server’s technology is for sending a request, see if they’re passing the data any of these ways. You can also check it in your CF code that they’re calling. Do a CFLOG of these three sets of variables (such as cookie.cfid, url.cfid, and form.cfid) to see what those are coming into the request. Let us know how it works out. /charlie From: [email protected] [mailto:[email protected]] On Behalf Of sravan kumar Sent: Wednesday, June 17, 2009 9:13 PM To: [email protected] Subject: RE: [ACFUG Discuss] single sign-on issue CF 8 Tried the same (appending CFID and CFTOKEN in the form POST) but still CF8 generating a new CFID and CFTOKEN as soon we get a request from third party. i don't understand why CF8 creating a new session when infact it see a valid CFID and CFTOKEN in the URL as well. thanks Sravan From: [email protected] To: [email protected] Subject: Re: [ACFUG Discuss] single sign-on issue CF 8 Date: Wed, 17 Jun 2009 21:04:47 -0400 CC: [email protected] Try passing the cfid and cftoken back from the third party server to cf over the URL. Regards, Steve Drucker Founder Fig Leaf Software http://www.figleaf.com http://training.figleaf.com On Jun 17, 2009, at 9:00 PM, sravan kumar <[email protected]> wrote: Hi, We are converting our applications from CF5 to CF8.0. Yes, we are still in CF5.0 for various reasons :-) We have a application in CF5 in production that integrates with a third party application. When a user clicks a link on our application, we will post an action page to third party site with session info (like encrypted cookie, cfid and cftoken etc). Third party makes an internal request from their app to our site to get some xml data using the session identifiers provided using a https GET request. This works fine. however when they make an internal request to our site using https POST method, our CF8 server is generating a new session for some reason. does anybody have seen this behaviour? This app works great in CF5.0 though. Any insight is greatly appreciated. thanks Sravan Lauren found her dream laptop. Find the PC that’s right for you. ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- Bing™ brings you maps, menus, and reviews organized in one place. Try it now. ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- _________________________________________________________________ Insert movie times and more without leaving Hotmail®. http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009 ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
