I have multiple CF applications running on the same server under the same domain name. One of them, let's call it Portal, is intended to be the single sign-on for the other applications, which we'll call Atlas and P-Body. Normally you would set some variables in the session scope to handle login info:
```cfscript
function Login()
{
    // Login state lives in the session scope of the current application
    session.auth = structNew();
    session.auth.isLoggedIn = true;
    session.auth.id = GetCurrentUserId();
}
```
But the session scope is only shared within one application, not the entire server. This means that any user who logs into Portal will stay logged in, but if they try to navigate to Atlas or P-Body, they will have to sign in again.
In this case, how would I 'share' the session scope so that all the applications on a server can get access to it? The only way I've been able to come up with is to use client variables and set a data store so that it's shared between applications. Then the code becomes:
```cfscript
function Login()
{
    // Client scope, backed by a shared data store, instead of session scope
    client.auth = structNew();
    client.auth.isLoggedIn = true;
    client.auth.id = GetCurrentUserId();
}
function Logout()
{
    structDelete(client, "auth");
}
```
The thing to watch out for here is that, because the client variable is not cleared on session end, we have to manually clear it in the OnSessionEnd handler.
Is this the best way of handling single sign-on in ColdFusion? If so, are there any drawbacks to using the client variable, or pitfalls to watch out for?
Update: I just tested the client variable method and it looks like only the `hitcount`, `timecreated`, `lastvisit`, and `urltoken` are shared between applications, so I'm back to square 1.
Posting this as the answer given new information.
Caveat: Ensure that all of the applications have either a) unique application scope names for persistent variables, or b) all application scope variables for the same purpose are named the same.
Alright, with that out of the way, if all of your applications are on a single domain in subfolders, then set `this.name` or the `name` attribute of `cfapplication` to the same value, and all of the applications will share the same `session` and `application` scope variables. This will ensure that if you use `session.loggedin` in one app, that same `session.loggedin` variable will be available to all applications with the same name under that domain.
You just have to test carefully to make sure that you don't end up using `Application.LoginService` in Portal for your `LoginService.cfc`, and `Application.LoginService` in Atlas for either a different `LoginService.cfc`, or a completely different purpose altogether.