#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2006
    Posts
    13
    Rep Power
    0

    User loses session when logging into another form automatically through cfhttp


    Dear all

    I currently use the CFHTTP object from Ben Nadel.
    Found here

    This is the thing:

    A user logs into our application and then chooses an external application. The username and password for that external application are known, so through a CFHTTP request the user is automatically logged into the external application. The result is that the session of our application is lost.

    When the user then logs into our application again, there is no more trouble and they can log into other external applications without losing our session. It is only the first time a user logs into an external application that our own session is lost.

    Code:
    <cfif IsDefined('webapplicationID') AND IsDefined('URL.userid')>
    	<cfif session.user.role EQ 'Administrator' OR permissions.checkSimpleAccess(userUUID,webapplication.getValue('webapplicationNumber'))>
    		<cfset url1 = webapplication.getValue('url') />
    		<cfif Find('?',url1) GT 0>
    			<cfset cookieextention = '&' />
    		<cfelse>
    			<cfset cookieextention = '?' />
    		</cfif>
    		
    		<cfset url1 = url1 & cookieextention & 'CFID=' & cookie['cfid'] & '&CFTOKEN=' & cookie['cftoken'] />
    		
    		<cfset response = cfhttpRequest.NewRequest(url1) />
    		
    		<cfloop query="fieldValues">
    			<cfset response.addFormField(fieldValues.name, fieldValues.fieldvalue) />
    		</cfloop>
    		
    		<cfset result = response.post() />
    		
    		<cfif result.responseheader.status_code EQ '404'>
    			<h1>Error</h1><p>404: application not found</p>
    		<cfelseif result.responseheader.status_code EQ '500'>
    			<h1>Error</h1><p>500: server error</p>
    		<cfelse>
    			<cfset redirectLocation = webapplication.getValue('redirectTo') & '&' & Replace(result.responseheader["Set-Cookie"][1],";path=/","") & '&' & Replace(result.responseheader["Set-Cookie"][2],";path=/","") />
    			<cflocation url="#redirectLocation#" addtoken="false" />
    		</cfif>
    	<cfelse>
    		<cflocation url="/icca/icca_sparxdir/securitymanager/index.cfm?status=security" addtoken="false" />
    	</cfif>
    <cfelse>
    	No webapplication or user known...
    </cfif>

    I've stripped down Google to find a solution, but without having found one I now hope that someone on Devshed knows the answer. Thanks for any help!

    Best regards
    Maarten
    Netherlands
  2. #2
  3. No Profile Picture
    Registered User
    [UPDATE]

    It seems to be server dependent. We have a test server and a live server. It is only happening on the live server with the same code. I guess the cause should be found in the ColdFusion Administrator.
  4. #3
  5. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,264
    Rep Power
    968
    If the CF administrator settings for session variables are the same on the different servers, the only way that should happen is if both applications use the same application name. Sessions are based on application name. I would check the application names set in the cfapplication tag or Application.cfc in both apps.
  6. #4
  7. No Profile Picture
    Registered User
    Thanks for the help,

    I took your advice and checked the application name. What I did is <cfdump> the whole application when a user has logged in. I did that in both applications. The two application names are different after login.

    Furthermore, the test server is more or less an exact copy, with the difference that there are some new developments on the test server. But in the application.cfm (they do not use an application.cfc) we almost never apply any changes. So I'm still wondering why it does work on the test server and not on the live server.

    I checked the settings in CFIDE-admin but did not see any major differences. They are the same when it comes to "Memory Variables". There is a slight change in "Client Variables", but we are not talking about "Client Variables". And if I'm mistaken, then the only difference is the names you can see there.

    What else can it be?
  8. #5
  9. No Profile Picture
    Registered User
    [UPDATE]

    What we see is this:

    When we log in and check the cookie info in the Firefox toolbar we see a number (CFID!). When we log into the external app the cookie-info number is changed.

    On the test server this cookie info stays the same after the login. That is why it works. But how come the cookie info changes on the live server and not on the test server? Is it something in IIS maybe?
  10. #6
  11. No Profile Picture
    Moderator

    On test vs. production, are the domains for the two applications different? e.g. app1.mysite.com vs app2.mysite.com? If they're different in production, that may be it. By default cookies are stored by domain, and each cookie name has to be unique. If that's the problem, you can take a look here: http://www.coldfusionmuse.com/index....and.subdomains
    Last edited by kiteless; January 11th, 2013 at 12:29 PM.
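
The cookie collision described in post #6, modelled as an added example that is not part of the thread: a small browser cookie jar showing when a second app's CFID replaces or shadows the first one's. The host names, CFID values and the choice of which app sets a domain-wide cookie are assumptions made for illustration.

```javascript
// Minimal model of browser cookie storage (RFC 6265 section 5.3), enough to
// show how two apps on sibling subdomains can clobber each other's CFID.
// Host names and CFID values below are constructed for illustration.

function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Store a cookie received from `host`. `domainAttr` is the Domain attribute
  // of the Set-Cookie header, or undefined for a host-only cookie.
  set(host, name, value, domainAttr) {
    const hostOnly = domainAttr === undefined;
    const domain = hostOnly ? host : domainAttr.replace(/^\./, "").toLowerCase();
    if (!domainMatch(host, domain)) return false; // browser rejects foreign domains
    // Cookies are keyed by (name, domain, path); same key means overwrite.
    this.cookies.set(`${name};${domain};/`, { name, value, domain, hostOnly });
    return true;
  }

  // Values of cookie `name` that the browser would send to `host`.
  valuesFor(host, name) {
    return [...this.cookies.values()]
      .filter(c => c.name === name)
      .filter(c => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
      .map(c => c.value);
  }
}

// Log into the portal first, then into the external app, and report which
// CFID value(s) the browser sends back to the portal afterwards.
function portalCfidAfterExternalLogin(portalDomainAttr, externalDomainAttr) {
  const jar = new CookieJar();
  jar.set("portal.example.test", "CFID", "1001", portalDomainAttr);
  jar.set("external.example.test", "CFID", "2002", externalDomainAttr);
  return jar.valuesFor("portal.example.test", "CFID");
}

// Both apps use host-only cookies: the portal still sees its own CFID.
console.log(portalCfidAfterExternalLogin(undefined, undefined));
// Both apps set Domain=example.test: one shared slot, portal's CFID is replaced.
console.log(portalCfidAfterExternalLogin("example.test", "example.test"));
// Only the external app sets a domain-wide cookie: the portal receives two CFIDs.
console.log(portalCfidAfterExternalLogin(undefined, ".example.test"));
```

In the mixed case the portal receives two CFID values in one request, and a server should not rely on the order in which they arrive.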
  12. #7
  13. No Profile Picture
    Registered User
    That seemed to work! Still weird, because it does not have to be used on the test server. We use test.domain.com and data.domain.com. So I am guessing there's still something different somewhere in the settings on the server. In IIS or maybe in the ColdFusion Administrator, although the latter does not seem to be so.

    But we're already glad the little tweak in the application-code works, so thank you for your help.

    Best regards,
    Maarten
