Shared client variables in ColdFusion 8


The idea for this HOWTO was born from an answer to the StackOverflow question "Sharing login credentials between ColdFusion servers?" The task was to keep users logged in while navigating between different servers. In this HOWTO I'll try to show the steps to achieve this in an easy way.

Create an empty database on one of the servers (I created a MySQL one). Create datasources pointing to this DB on all CF servers.

Register the created datasource under Server Settings > Client Variables as a client sessions store with the name SharedSessions (we'll use it later).

[Screenshot: shared_client_vars_2_register]

Please note that you need to uncheck when creating store at second server:

[Screenshot: shared_client_vars_3_second]

How can this be used? Let's use the same example as on SO.

<cfapplication
    name="shared_session_test"
    sessionManagement="true"
    clientmanagement="true"
    clientstorage="SharedSessions" />

Here's the trick: we set the same clientstorage attribute on both servers.

To check that the system works, we'll try to keep a basic login between two servers:

<cflogin>

    <cfif IsDefined( "cflogin" ) and cflogin.name eq "admin" and cflogin.password eq "admin">
        <cfset user_roles = "administrators" />
        <cfset user_name = cflogin.name />
        <cfset user_password = cflogin.password />
    </cfif>

    <cfif IsDefined( "user_roles" )>
        <!--- push login params into shared client scope --->
        <cfset CLIENT.user_roles = user_roles />
        <cfset CLIENT.user_name = user_name />
        <cfset CLIENT.user_password = user_password />
    <cfelseif IsDefined( "CLIENT.user_roles" )>
        <!--- restore login params from shared client scope --->
        <cfset user_roles = CLIENT.user_roles />
        <cfset user_name = CLIENT.user_name  />
        <cfset user_password = CLIENT.user_password  />
    </cfif>

    <cfif IsDefined( "user_roles" )>
        <cfloginuser name="#user_name#" password="#user_password#" roles="#user_roles#">
    <cfelse>
        <!--- authentication failed - send back 401 --->
        <cfsetting enablecfoutputonly="yes" showdebugoutput="no">
        <cfheader statuscode="401">
        <cfheader name="WWW-Authenticate" value="Basic realm=""MySecurity""">
        <cfoutput>Not authorized</cfoutput>
        <cfabort />
    </cfif>

</cflogin>

To notify the target server which variables to use, we have to pass the client token. This can be done via URL:

<cfoutput><p><a href="http://other.host.com/shared/index.cfm?#CLIENT.urltoken#">falcon</a></p></cfoutput>

It can be done more transparently if you are working with subdomains. The token can be put into a cookie with domain *.host.com, which should make the cookie visible to all subdomains.
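The subdomain variant described above, as an added example that is not part of the original post: setDomainCookies (a standard cfapplication attribute) makes ColdFusion issue CFID/CFTOKEN as domain-level cookies, so the token stays out of links, and the login block writes a random per-login value to the shared store instead of the password. The name CLIENT.login_nonce is hypothetical, and it is an assumption that every server sits under the same parent domain.

```cfml
<!--- Application.cfm, identical on every subdomain server (added example).
      Assumptions: all hosts share one parent domain, the SharedSessions
      store from this HOWTO exists on each server, and CLIENT.login_nonce
      is a hypothetical variable name introduced here. --->
<cfapplication
    name="shared_session_test"
    sessionManagement="true"
    clientManagement="true"
    clientStorage="SharedSessions"
    setDomainCookies="true" />
<!--- setDomainCookies: CFID/CFTOKEN become domain-level cookies, so the
      other servers receive the token without ?#CLIENT.urltoken# in links. --->

<cflogin>

    <!--- same demo credential check as in the post; runs only on the
          server where the user actually typed the password --->
    <cfif IsDefined( "cflogin" ) and cflogin.name eq "admin" and cflogin.password eq "admin">
        <cfset CLIENT.user_name = cflogin.name />
        <cfset CLIENT.user_roles = "administrators" />
        <!--- random per-login value stands in for the password, so the
              password itself is never written to the shared database --->
        <cfset CLIENT.login_nonce = CreateUUID() />
    </cfif>

    <cfif IsDefined( "CLIENT.user_roles" ) and IsDefined( "CLIENT.login_nonce" )>
        <!--- restore the login from the shared client scope --->
        <cfloginuser name="#CLIENT.user_name#" password="#CLIENT.login_nonce#" roles="#CLIENT.user_roles#">
    <cfelse>
        <!--- authentication failed - send back 401 --->
        <cfsetting enablecfoutputonly="yes" showdebugoutput="no">
        <cfheader statuscode="401">
        <cfheader name="WWW-Authenticate" value="Basic realm=""MySecurity""">
        <cfoutput>Not authorized</cfoutput>
        <cfabort />
    </cfif>

</cflogin>
```

cfloginuser does not verify the password value it is given, so the credential check remains entirely in the first cfif.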

The best part is that it doesn't matter which OS, web-server software and database are used on each server. Everything should work without problems. Thanks, ColdFusion, for making our lives easier! :)

More reading:
Configuring and using session variables
Configuring and using client variables

Posted by Sergey Galashyn on May 17, 2009 at 1:06 PM - Categories: HOWTO | Coldfusion

Comments

Comment by Rodion on 06/02/09 4:15 PM

Do you need to add clientstorage="SharedSessions" in cfapplication because it's not set as default storage? Or do we have to write clientstorage="SharedSessions" even if it's set as default storage in CF Admin?

Comment by Sergey on 06/03/09 12:19 AM

"The Administrator setting is only used when no ClientStorage attribute is specified in a cfapplication tag."

(c) CF Admin
