Hi Ezra, Inherently, Session variables are not normally available across Application environments, i.e., PHP, Witango, ColdFusion, ASP, etc....
But....It can be done, with some custom coding based on the following principles: ~~ Outside of the Server, nearly all modern Web-application environments employ the same Session Management methodology, in that they all utilize "session-cookies" to match and track individual Users to Session Variables stored on the Server. ~~ Most of these modern Web-application environments have a work-around solution for when "session-cookies" are disabled. For example: ................................ The Witango <@USERREFERENCE> value is captured either from the HTTP Request header containing a "session-cookie" value or from the alternate <@USERREFERENCEARGUMENT> Metatag which creates a URL Search argument value pair, which is the same value as the "session-cookie". Example: &<@USERREFERENCEARGUMENT> ...creates... &UserReference=06130935C6A382663E7A2840 ................................ PHP has similar functionality, where the session_id() function returns either the HTTP "session-cookie" value or the PHPSESSID= search argument value. ................................ Likewise, ASP.NET is similar, but they embed the SessionID as part of the URL for "cookieless" session management. Example: http://localhost/(lit3py55t21z5v55vlm25s55)/Application/SessionState.aspx The difference here is that the <@USERREFERENCEARGUMENT> Metatag doesn't have to be added to all your <A HREF=""></A> values or FORM ACTION attributes. Then, simply calling SessionID returns the value regardless of how it is managed with the browser. --------------------------------- So, with all that said, in basic terms you need to do the following: ~ After validating a User's logon session, capture the User's Session ID AND Application type (Witango, PHP, etc..) and store in a database table, along with the current timestamp. ~ Update the Session record periodically (once every 5 minutes for example) with new page requests. Then, when the user hits a page that is a different type (e.g., PHP) from where they started (e.g. Witango), AND no user$user_id equivalent is found -- then you check the database table to see if another validated session is currently active (based on the recent timestamp). If another validated session is found, and has not expired yet - then "auto-logon" the user to the PHP page. (remember, the above is some of the basic logic required) --------------------------------- Some things to keep in mind, are that you examine the timing you want to employ to make your process as secure as possible, such as how often to update the session record verses your environment's default expiry timeout and such. Another point to note are the actual Session / User variables. The above process just "validates" the allowed user, and the actual variables are not automatically available to each environment. You'll need to implement a "auto-logon" function of some kind (in each environment) that assigns your required variables. Once this is done, then variables can be shared through either another database table or dynamically written text (or XML) files. It is alot of work, but can be done if you understand the principles of Session management, and are strict about what you assign to your User scope. Another "simpler" solution would be to just use POST or Search arguments - but this is not considered secure because "session" variables are then exposed to the web outside or your Server, and of course can add performance overhead. ................ By the way, I have successfully implemented this process myself where Sessions are being automatically validated between Witango and ASP.NET pages. Hope this helps. Cheers............ Scott Cadillac, Witango.org - http://witango.org 403-281-6090 - [EMAIL PROTECTED] -- Information for the Witango Developer Community --------------------- XML-Extranet - http://xml-extra.net 403-281-6090 - [EMAIL PROTECTED] -- Well-formed Development (for hire) --------------------- ----- Original Message ----- From: "Ezra" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 20, 2003 11:52 AM Subject: Witango-Talk: Sharing vars between witango & php > > What is the best way to share variables between a php app and a witango > app? I need to share a few vars (userid/pass/status/sessionID, etc..) > between two apps so there is no need for users to login again when > calling apps of different types. I think setting up cookies and have > both wi and php apps look for it might be one but not good if cookies > are turned off. Any ideas? > > > Don't tell me to convert those php apps to witango! :) > > > thanks, > Ezra > > > On Tuesday, March 18, 2003, at 01:58 PM, Troy Sosamon wrote: > > > > > > > How about this clock - ha ha. > > > > http://www.yugop.com/ver3/stuff/03/fla.html > > > > Troy Sosamon > > > > -----Original Message----- > > From: Aseem Mal [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 14, 2003 1:45 PM > > To: [EMAIL PROTECTED] > > Subject: Witango-Talk: RE: Client-Side Clock > > > > > > > > Hi, > > I need to use the client-side system-time to build my taf. Is there a > > Tango function I can use, or do I have to resort to good old > > JavaScript? > > > > > > Aseem Mal > > Web Applications Engineer > > Execpro Information Services Inc., > > 1250, 4th Street > > Santa Monica, CA 90401 > > E-mail: [EMAIL PROTECTED] > > > > > > -----Original Message----- > > From: Chris Millet [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 14, 2003 11:34 AM > > To: [EMAIL PROTECTED] > > Subject: Witango-Talk: Sending email with authentication > > > > Does anyone know how to have Witango send an email using an SMTP server > > that > > requires authentication? > > > > Chris > > > > > > _______________________________________________________________________ > > _ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > > [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > > > _______________________________________________________________________ > > _ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > > [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > _______________________________________________________________________ > > _ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > > [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
