I have a simple test for you I think. Make an HTML page that does a form post to the URL of your application. Make sure the HTML page is hosted on a different webserver of some kind, preferrably a completely different machine. Log into your CF app and take note of the sessionid variables. Put that information into the form action parameter on your html page, obviously appended onto the url to the app. Try viewing the HTML and posting the information with either javascript or a submit button.
What is your result? > > I didn't have this problem when user is in my application. User is able to > navigate between pages without any problem. > > > > Third party website is able to make a GET request without any problems. If > bombs out only when they make a POST request. > > > > i wonder what causes CF8.0 to think that it is a new session. > > \ > > thanks > > sravan > > > >> Date: Thu, 18 Jun 2009 09:31:42 -0600 >> Subject: RE: [ACFUG Discuss] single sign-on issue CF 8 >> From: [email protected] >> To: [email protected] >> >> I've had issues with CF 7 & 8 before in cases where I had the J2EE >> sessions turned on or off in the CF Administrator. With them turned off >> while using Application.cfc, no sessions were "sticking". Every page >> request seemed to generate a new session. That doesn't sound like the >> issue here, but you might try turning that setting on or off and see if >> that affects behavior any. I would suggest playing around with or at the >> very least making note of these settings: >> >> - Use J2EE session variables >> - Enable Application Variables >> - Enable Session Variables >> >> > >> > Tried the same (appending CFID and CFTOKEN in the form POST) but still >> CF8 >> > generating a new CFID and CFTOKEN as soon we get a request from third >> > party. >> > >> > >> > >> > i don't understand why CF8 creating a new session when infact it see a >> > valid CFID and CFTOKEN in the URL as well. >> > >> > >> > >> > thanks >> > >> > Sravan >> > >> > >> > >> > >> > >> > From: [email protected] >> > To: [email protected] >> > Subject: Re: [ACFUG Discuss] single sign-on issue CF 8 >> > Date: Wed, 17 Jun 2009 21:04:47 -0400 >> > CC: [email protected] >> > >> > >> > Try passing the cfid and cftoken back from the third party server to >> cf >> > over the URL. >> > >> > Regards, >> > Steve Drucker >> > Founder >> > Fig Leaf Software >> > http://www.figleaf.com >> > http://training.figleaf.com >> > >> > >> > >> > On Jun 17, 2009, at 9:00 PM, sravan kumar <[email protected]> wrote: >> > >> > >> > >> > >> > Hi, >> > >> > We are converting our applications from CF5 to CF8.0. Yes, we are >> still in >> > CF5.0 for various reasons :-) >> > >> > We have a application in CF5 in production that integrates with a >> third >> > party application. When a user clicks a link on our application, we >> will >> > post an action page to third party site with session info (like >> encrypted >> > cookie, cfid and cftoken etc). Third party makes an internal request >> from >> > their app to our site to get some xml data using the session >> identifiers >> > provided using a https GET request. This works fine. however when they >> > make an internal request to our site using https POST method, our CF8 >> > server is generating a new session for some reason. >> > >> > does anybody have seen this behaviour? This app works great in CF5.0 >> > though. >> > >> > Any insight is greatly appreciated. >> > >> > thanks >> > Sravan >> > >> > >> > >> > >> > >> > >> > Lauren found her dream laptop. Find the PC thats right for you. >> > ------------------------------------------------------------- >> > To unsubscribe from this list, manage your profile @ >> > http://www.acfug.org?fa=login.edituserform >> > >> > For more info, see http://www.acfug.org/mailinglists >> > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> > List hosted by FusionLink >> > ------------------------------------------------------------- >> > _________________________________________________________________ >> > Bing brings you maps, menus, and reviews organized in one place. Try >> > it now. >> > http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TEXT_MLOGEN_Core_tagline_local_1x1 >> > >> > >> > ------------------------------------------------------------- >> > >> > To unsubscribe from this list, manage your profile @ >> > >> > http://www.acfug.org?fa=login.edituserform >> > >> > >> > >> > For more info, see http://www.acfug.org/mailinglists >> > >> > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> > >> > List hosted by http://www.fusionlink.com >> > >> > ------------------------------------------------------------- >> > >> > >> > >> >> >> >> ------------------------------------------------------------- >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=gin.edituserform >> >> For more info, see http://www.acfug.org/mailinglists >> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by http://www.fusionlink.com >> ------------------------------------------------------------- >> >> >> > > _________________________________________________________________ > Insert movie times and more without leaving Hotmail®. > http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009 > > > ------------------------------------------------------------- > > To unsubscribe from this list, manage your profile @ > > http://www.acfug.org?fa=login.edituserform > > > > For more info, see http://www.acfug.org/mailinglists > > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > > List hosted by http://www.fusionlink.com > > ------------------------------------------------------------- > > > ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
