i have one site and it has some sub domains and i ...
# cfml-generalg
gsr
08/25/2022, 9:16 PMi have one site and it has some sub domains and i am trying to use sesions across subdomain,
so i have test.mydomain.com which calls the windows authentication to testwindowsauth.mydomain.com
and sets some session variables, i want once it is logged or not logged, i should be able to use the sessions being setup on ayth on test so i do not have to write logic to pass the session data throuhg the url, its a security issue which is making a problem
s
Scott Bennett
08/25/2022, 9:19 PMI believe you will need to use setDomainCookies=true in your application.cfc/cfapplication
g
gsr
08/25/2022, 10:07 PMi got application.cfm in both
gsr
08/25/2022, 10:07 PMso which one should have it
gsr
08/25/2022, 10:07 PMand how i see the sessions travelled
s
Scott Bennett
08/25/2022, 10:13 PMAre both applications on the same server?
Scott Bennett
08/25/2022, 10:25 PMif your applications are both on the same server then in your application.cfm files cfapplication tags you can give them both the same application name and use setDomainCookies=true then the session scope should be shared across both applications.
Scott Bennett
08/25/2022, 10:28 PMif your two sites are on separate servers, it gets a little more tricky. I would probably utilize the client scope for that and set both servers to share the same client variable storage. (You would still need to use setDomainCookies, but you can't share a session scope accross two separate servers).
g
gsr
08/26/2022, 1:44 PMwe basically have 3 servers which we are using. but every server has same conbfigratiuon and same database and source and cfm files
gsr
08/26/2022, 1:44 PMtrhe applicatoin name is same for both
gsr
08/26/2022, 1:44 PMi also have Application.cfm in both the folders. auth and the one without Auth, which should have the code you mentioned, both or just one
s
Scott Bennett
08/26/2022, 2:34 PMIn this case I usually use client variables instead of the session scope. If you set up a client variable database, and then configure that to be used on all 3 servers, and specify the setdomaincookies in your cfapplication tags in application.cfm then the client scope will be shared automatically across the 3 servers.
Scott Bennett
08/26/2022, 2:41 PMthe client scope then essentially becomes the storage place for maintaining state between the 3 servers, so when a user logs in, you would something like the logged users userid in client.userid instead of session.userid.
g
gsr
08/26/2022, 2:44 PMso do you have any code sample which i can follow it as a trail to check what is going on
Scott Bennett
08/26/2022, 2:48 PMstart by reading that. it is pretty straightforward
Scott Bennett
08/26/2022, 2:49 PMjust create an empty database and add it as a datasource on all 3 servers (coldfusion will create the tables and stuff it needs automatically). Then in your application.cfm files modify the cfapplication tags to have these attributes:
clientmanagement="Yes" clientstorage="mydatasource" setdomaincookies="yes"
Scott Bennett
08/26/2022, 2:49 PMthen the applications on the 3 servers will share the client scope
Scott Bennett
08/26/2022, 2:52 PMScott Bennett
08/26/2022, 2:53 PMyou will want to make sure to enable the "Use UUID for cftoken" option to ensure unique cftokens accross all 3 servers on the CF Administrator server settings screen