2

I have a login function that authorizes against a remote database over xml webservice. Upon successful login, I set a bunch of session variables for the logged-in user that follow them around the site (members only content, etc). This all works fine.

We are setting up a store and would like to have access to the session variables, for member pricing, pre-filling forms and so on. For now, the link to the store is available only after a member logs in. I am including the url token in the link, like so:

https://mysite.com/store/index.cfm?<cfoutput>#session.urltoken#</cfoutput>

CFdumping the session on the store page shows the same cfid, cftoken and jsessionid as from the login page, so I think the session is being correctly maintained -- but none of my session variables show up in the dump, and if I try to reference them I get the "is undefined in session" error.

This happens whether I go from login to store via http > http, https > https, or other combination. It's all on the same server. I would appreciate any help in resolving this, or if anybody has a better suggestion on how to accomplish our goal, I would really appreciate that too! Again, all I want to do is have the store recognize a logged-in member as such, when they first arrive at the store home page. Thanks a lot!

James A Mohler
  • 11,060
  • 15
  • 46
  • 72
daltec
  • 447
  • 1
  • 5
  • 15
  • Have you confirmed that the full URL is the same (ie, mysite.com or www.mysite.com on both sides)? Otherwise, your code should work. – Billy Cravens Feb 10 '12 at 09:00
  • Are you staying within the same application? In other words, is `application.applicationname` the same in both cases? – ale Feb 10 '12 at 13:27
  • Hi Billy thanks, the URL is the same -- they are both part of the same site, ie getting past https://mysite.com/login.cfm will set the session vars and provide a link to https://mysite.com/store/index.cfm. Al, I am checking on application settings now... thanks! – daltec Feb 10 '12 at 14:30
  • I don't understand how the session IDs are being maintained across two applications. Each application should be setting its own cookie. Is it possible that something is clearing the session values, but preserving the cfid and cftoken values? (a proper logout) – J.T. Feb 10 '12 at 16:17
  • Could you please post your `` tag? – Jake Feasel Feb 10 '12 at 17:53
  • Hi Jake and Jason, I made the cfapplication tag in application.cfm for the store '' match '' from constructor.cfm. This seems to be working -- I can see all my session vars now. Why the jsessionid would be carried over, I have no idea! – daltec Feb 10 '12 at 19:29

2 Answers2

1

Both applications need to have the same name

If they have different names, then all application session variables are specific to that application.

so in application.cfm make sure name is set if you have any application.cfc that might be set using this.name in the constructor.

Dale Fraser
  • 4,623
  • 7
  • 39
  • 76
  • 1
    After rereading the question, it looks like we both fail to understand what's going on. There's no indication that they are separate applications: it sounds to me like both of the pages he's referencing are in the same app, so there's may be no such thing as "both applications", but rather, sessions are being lost in the context switch to and from SSL. – Billy Cravens Feb 10 '12 at 08:46
  • Its possible one is named differently or that one doesn't have session variables enabled. – Dale Fraser Feb 10 '12 at 09:01
  • I'm reading as one folder, one app, one application.cfm, 2 different sites in the web server - but reading the title, perhaps that's not the case – Billy Cravens Feb 10 '12 at 10:16
  • Thanks Billy and Dale for your help! I really appreciate it! Upon closer examination, here's what I have: one root folder for mysite.com; various folders within that – daltec Feb 10 '12 at 14:33
  • Apologies for my incomplete explanation to begin with. Evidently there *were* two apps. I matched the name in my cfapplication tag in the store's application.cfm to match the name from cfset in the Farcry constructor. All of my session vars are now being output in cfdump! Thanks everybody for helping me out -- sorry again I did not make it more clear originally! :-) – daltec Feb 10 '12 at 19:34
-1

You can use server scope.

<cfset server.sharedSession[session.urlToken]=session>

To copy into a servers session:

<cfloop collection='#server.sharedSession['#url.urlToken#']#" index="i">
    <cfset session[i]=servers.sharedSession['#url.urlToken#'][i]>
</cfloop>

You could just copy the entire session, but looping allows you preserve values that aren't in the source session.

Billy Cravens
  • 1,643
  • 10
  • 15
  • I think this is a really bad idea, your trying to duplicate what session variables are for by adding a token into the server variable scope. What will clean them up, time them out etc. I'd stick with session variables. – Dale Fraser Feb 10 '12 at 08:23
  • I agree: if you wanted to sync sessions on 2 different apps, you'd probably want to use a simple service call over HTTP - that would avoid the problems with server scope. However, I don't think that's what's happening here; I think it's the same app (see my response to your answer) – Billy Cravens Feb 10 '12 at 08:47
  • Thanks Billy and Dale for your help! I really appreciate it! Upon closer examination, here's what I have: 1) one root folder for mysite.com; various folders within that (ie mobile, store, images, etc). 2) part of the site uses Farcry CMS. In the root folder there is indeed application.cfc, farcryConstructor.cfm, and proxyApplication.cfc. In the store folder is application.cfm. The constructor does cfset a name different than the one in application.cfm. Hang on while I make some quick edits... thanks again!! – daltec Feb 10 '12 at 14:39