September 8th, 2003, 08:57 AM
cfhttp and keeping session id's
Hi, I have some coldfusion which does a CFHTTP to another page on another server. The other page is in ASP which also uses a COM object. The COM object relies on a constant SESSIONID.
If I use cfhttp then the session id in the ASP script changes every time because CFHTTP is a new session each time it is used the next time around (that is the coldfusion page has a link to itself which calls the CFHTTP again).
I've tried using CFHTTPPARAM to set type CGI name SESSIONID to change the HTTP_SESSIONID in the header, but this has no effect on the session id (retrieved in ASP using session.sessionID) though it comes back using request.servervariables("http_sessionid") but again, the COM object only see's what the ASP sevice has identified as the current Session ID and not what came in the header.
Does anyone have any solution. It's pretty urgent so any help would be greatly appreciated!
September 9th, 2003, 08:17 AM
Can you not just pass the ASP Session ID in the URL that you are using in the CFHTTP call?
September 9th, 2003, 09:06 AM
That was pretty much what I thought I was doing, but I had the whole situation confused. I solved it because I realised that ASP uses a completely different format of SESSION ID in two ways, i.e. session.sessionid brings back a different ID to that supplied through the HTTP Header and the cookie ID.
Simply put, if I set the sessionID being passed to ASP as a cookie then the ASP uses that, if I dont supply one, ASP creates one, which you can recover in CFM by looking at the returned header after the CFHTTP.
So to solve it, I had to do a call to a pretty much empty ASP script using CFHTTP, that returns a http header with a new cookie with the session ID (found by looking at the cookie "SET-COOKIE" and extracting the cookie marked ASPSESSIONIDblah blah..
Now I have it, I then use CFHTTPPARAM of type cookie on my next call to the real ASP script I want. The ASP script picks this up and so does the COM object which needs it.
On the next time to the first CFM page, I just check if I need a new cookie/sessionid or not and dont do the initial CFHTTP if it's not the first time around.
I got to be fair, though it works it is completely full of server overheads and would make more sense if it the ASP was converted to CFM in this case, but I dont have that luxury at the moment.
Thanks for the suggestion