Reputation: 10702
How can I share a SESSION between multiple ColdFusion applications on the server/under the same domain?
Let's say I have a domain sub.domain.com with one login form at https://sub.domain.com/login.cfm.
In the root directory, I have my Application.cfc which names the application using THIS.Name = "MyApp";.
I have several sub-directories on this website, which I want to run as separate applications, with their own Application.cfc which extends the root Application.cfc, but each has it's own name, so that I can create Application-scope variables unique to that application:
For instance: sub.domain.com/site1/Application.cfc
extends sub.domain.com/Application.cfc (using a Proxy cfc)
THIS.Name = "MyApp_Site1";
and sets some Application-scope variables specific to the application.
But, when they login in at https://sub.domain.com/login.cfm, any SESSION-scope variables set there are tied to the APPLICATION name "MyApp".
What kind of solution can I use to accept the valid login in the root directory Application, and then forward the user to their application, while carrying over their user-specific properties?
Upvotes: 3
Views: 4960
Answers (3)
Reputation: 2562
As @Dave Ferguson mentioned, the easiest way, most coldfusiony way to share the session data is to keep it as a single application. You could even have the contents in a different folder, as long as the names are the same.
You don't need to use a framework like FW\1 or anything like that to get what you're looking for, although they may make it a bit easier. You can always store structs inside the application scope, with the key being the sub-application name. For example application.myvariable could be come application[request.subappname].myvariable. This keeps you with one application, but the application variables are scoped for the various sub-applications. You can do the same with your session variables too.
Another approach, as @Brian mentioned, would use an intermediary store. You could then store your session data using any key you want. As @Dave Ferguson mentioned, set your CFID and CFTOKEN as domain cookies (CF10 in particular has some improvements in setting up the cookies). That way the same CFID and CFTOKEN will be used across applications. They still have different sessions, but use the same session identifiers. You can then use that combination as the key to your data in the intermediary store.
A database would be the conventional way to go about this, but depending on your app this may cause concurrency and locking issues, issues with serialization/deserialization, or performance, and then there's always handling the purging of old/expired data. So you might want to look into something like ehcache or memcached to handle this.
ehcache in particular is an attractive option, as it is bundled with ColdFusion 9+, can use both memory and disk, depending on your settings, the data in the cache can survive a service restart (or reboot), and it can be set to automatically expire records after a certain amount of inactivity. And yes, it can be used for custom caches.
I do advise that you be careful if you take this approach. You need to weigh the performance hit for grabbing the data from the cache each time (say in onRequestStart), vs the memory consumption by grabbing the data in onSessionStart() and holding duplicates across many applications, until the session(s) time out. Which route you go will depend totally on the performance characteristics of your application, size of your session data, etc.
Upvotes: 4
Reputation: 773
The simple answer is you can't. But let me explain a little as that is also not entirely true. First, sessions are tied to the application name. So, if you were to have 2 application.cfc files that both had the same application name the sessions would be available for both. However, that is not what you are doing. Since you have a different name in each there will be new application scopes for each thus new sessions as well.
What you might want to try is using FW\1 and sub applications. This gives you a single main app.cfc but allows you to break out functionality into distinct groups.
You could also set domain level cookies from the login page. You could then use them in your other applications to blindly create sessions.
Upvotes: 3
Reputation: 565
Sessions in ColdFusion are tied to a specific application. You can't share them between applications using the session structure in ColdFusion. (Imagine the security nightmare you would have on a shared host if you could pull session information from any application on the same server.)
You will need to store session information in a database or some other persistence mechanism when they successfully log in to the root of your app, then load the customer's session information up on the first request to the site-specific application. You can do this in onSessionStart() in application.cfc in your site-specific application, or even in onRequestStart().
Upvotes: 1
Related Questions
- Sharing login credentials between ColdFusion servers?
- One domain, 2 sessions
- ColdFusion Session Management / User Authentication with Multiple Domains
- How to share a cookie between diffrent domains?
- Using Coldfusion sessions without cookies
- coldfusion sessions dropped when initiated by a different domain
- How do I implement a single sign-on for different ColdFusion applications running on the same server?
- Scoping sessions to a particular section of a Coldfusion application?
- Coldfusion Session Cookie
- Can session be transfered to different domain pointing to the same CF instance?