Well, I don't know what this 3rd party software you are using to connect to your site is - but my guess is that it's not handling the session correctly. When you did your test from the HTML pages, did you use the cfid and cftoken variables or jsessionid?
> > i tried this in between two cf servers and it works well. i was able to > access other CF server page from html page. > > > > Any other ideas? > > > > thanks > > Sravan > > > >> Date: Fri, 19 Jun 2009 16:11:05 -0600 >> Subject: RE: [ACFUG Discuss] single sign-on issue CF 8 >> From: [email protected] >> To: [email protected] >> >> I have a simple test for you I think. Make an HTML page that does a form >> post to the URL of your application. Make sure the HTML page is hosted >> on >> a different webserver of some kind, preferrably a completely different >> machine. Log into your CF app and take note of the sessionid variables. >> Put that information into the form action parameter on your html page, >> obviously appended onto the url to the app. Try viewing the HTML and >> posting the information with either javascript or a submit button. >> >> What is your result? >> >> > >> > I didn't have this problem when user is in my application. User is >> able to >> > navigate between pages without any problem. >> > >> > >> > >> > Third party website is able to make a GET request without any >> problems. If >> > bombs out only when they make a POST request. >> > >> > >> > >> > i wonder what causes CF8.0 to think that it is a new session. >> > >> > \ >> > >> > thanks >> > >> > sravan >> > >> > >> > >> >> Date: Thu, 18 Jun 2009 09:31:42 -0600 >> >> Subject: RE: [ACFUG Discuss] single sign-on issue CF 8 >> >> From: [email protected] >> >> To: [email protected] >> >> >> >> I've had issues with CF 7 & 8 before in cases where I had the J2EE >> >> sessions turned on or off in the CF Administrator. With them turned >> off >> >> while using Application.cfc, no sessions were "sticking". Every page >> >> request seemed to generate a new session. That doesn't sound like the >> >> issue here, but you might try turning that setting on or off and see >> if >> >> that affects behavior any. I would suggest playing around with or at >> the >> >> very least making note of these settings: >> >> >> >> - Use J2EE session variables >> >> - Enable Application Variables >> >> - Enable Session Variables >> >> >> >> > >> >> > Tried the same (appending CFID and CFTOKEN in the form POST) but >> still >> >> CF8 >> >> > generating a new CFID and CFTOKEN as soon we get a request from >> third >> >> > party. >> >> > >> >> > >> >> > >> >> > i don't understand why CF8 creating a new session when infact it >> see a >> >> > valid CFID and CFTOKEN in the URL as well. >> >> > >> >> > >> >> > >> >> > thanks >> >> > >> >> > Sravan >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > From: [email protected] >> >> > To: [email protected] >> >> > Subject: Re: [ACFUG Discuss] single sign-on issue CF 8 >> >> > Date: Wed, 17 Jun 2009 21:04:47 -0400 >> >> > CC: [email protected] >> >> > >> >> > >> >> > Try passing the cfid and cftoken back from the third party server >> to >> >> cf >> >> > over the URL. >> >> > >> >> > Regards, >> >> > Steve Drucker >> >> > Founder >> >> > Fig Leaf Software >> >> > http://www.figleaf.com >> >> > http://training.figleaf.com >> >> > >> >> > >> >> > >> >> > On Jun 17, 2009, at 9:00 PM, sravan kumar <[email protected]> >> wrote: >> >> > >> >> > >> >> > >> >> > >> >> > Hi, >> >> > >> >> > We are converting our applications from CF5 to CF8.0. Yes, we are >> >> still in >> >> > CF5.0 for various reasons :-) >> >> > >> >> > We have a application in CF5 in production that integrates with a >> >> third >> >> > party application. When a user clicks a link on our application, we >> >> will >> >> > post an action page to third party site with session info (like >> >> encrypted >> >> > cookie, cfid and cftoken etc). Third party makes an internal >> request >> >> from >> >> > their app to our site to get some xml data using the session >> >> identifiers >> >> > provided using a https GET request. This works fine. however when >> they >> >> > make an internal request to our site using https POST method, our >> CF8 >> >> > server is generating a new session for some reason. >> >> > >> >> > does anybody have seen this behaviour? This app works great in >> CF5.0 >> >> > though. >> >> > >> >> > Any insight is greatly appreciated. >> >> > >> >> > thanks >> >> > Sravan >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > Lauren found her dream laptop. Find the PC thats right for you. >> >> > ------------------------------------------------------------- >> >> > To unsubscribe from this list, manage your profile @ >> >> > http://www.acfug.org?fa=login.edituserform >> >> > >> >> > For more info, see http://www.acfug.org/mailinglists >> >> > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> >> > List hosted by FusionLink >> >> > ------------------------------------------------------------- >> >> > _________________________________________________________________ >> >> > Bing brings you maps, menus, and reviews organized in one place. >> Try >> >> > it now. >> >> > http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TEXT_MLOGEN_Core_tagline_local_1x1 >> >> > >> >> > >> >> > ------------------------------------------------------------- >> >> > >> >> > To unsubscribe from this list, manage your profile @ >> >> > >> >> > http://www.acfug.org?fa=login.edituserform >> >> > >> >> > >> >> > >> >> > For more info, see http://www.acfug.org/mailinglists >> >> > >> >> > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> >> > >> >> > List hosted by http://www.fusionlink.com >> >> > >> >> > ------------------------------------------------------------- >> >> > >> >> > >> >> > >> >> >> >> >> >> >> >> ------------------------------------------------------------- >> >> To unsubscribe from this list, manage your profile @ >> >> http://www.acfug.org?fa=gin.edituserform >> >> >> >> For more info, see http://www.acfug.org/mailinglists >> >> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> >> List hosted by http://www.fusionlink.com >> >> ------------------------------------------------------------- >> >> >> >> >> >> >> > >> > _________________________________________________________________ >> > Insert movie times and more without leaving Hotmail®. >> > http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009 >> > >> > >> > ------------------------------------------------------------- >> > >> > To unsubscribe from this list, manage your profile @ >> > >> > http://www.acfug.org?fa=login.edituserform >> > >> > >> > >> > For more info, see http://www.acfug.org/mailinglists >> > >> > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> > >> > List hosted by http://www.fusionlink.com >> > >> > ------------------------------------------------------------- >> > >> > >> > >> >> >> >> ------------------------------------------------------------- >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=gin.edituserform >> >> For more info, see http://www.acfug.org/mailinglists >> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by http://www.fusionlink.com >> ------------------------------------------------------------- >> >> >> > > _________________________________________________________________ > Insert movie times and more without leaving Hotmail®. > http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009 > > > ------------------------------------------------------------- > > To unsubscribe from this list, manage your profile @ > > http://www.acfug.org?fa=login.edituserform > > > > For more info, see http://www.acfug.org/mailinglists > > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > > List hosted by http://www.fusionlink.com > > ------------------------------------------------------------- > > > ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
