 

Sharing login credentials between ColdFusion servers?

Tags:

coldfusion

If I have multiple CF8 servers, can a user login on one server, but share the login credential among all servers (no re-login required)?

Henry asked Nov 21 '25 00:11


1 Answer

Maybe the question is about sharing a session? This can be done using serialized J2EE sessions or using shared client variables.

For example, this can be done in the following way.

Create an empty database on one of the servers (I've created a MySQL one). Create datasources pointing to this DB on all CF servers. Use this datasource as the Server Settings > Client Variables > client sessions storage, with the name SharedSessions (we'll use it later).

If we're using cflogin in Application.cfm on all servers, its code can look this (simplified) way:

<cfapplication
    name="shared_session_test"
    sessionManagement="true"
    clientmanagement="true"
    clientstorage="SharedSessions" />

<cflogin>

    <cfif IsDefined( "cflogin" ) and cflogin.name eq "admin" and cflogin.password eq "admin">
        <cfset user_roles = "administrators" />
        <cfset user_name = cflogin.name />
        <cfset user_password = cflogin.password />
    </cfif>

    <cfif IsDefined( "user_roles" )>
        <!--- push login params into shared client scope --->
        <cfset CLIENT.user_roles = user_roles />
        <cfset CLIENT.user_name = user_name />
        <cfset CLIENT.user_password = user_password />
    <cfelseif IsDefined( "CLIENT.user_roles" )>
        <!--- restore login params from shared client scope --->
        <cfset user_roles = CLIENT.user_roles />
        <cfset user_name = CLIENT.user_name  />
        <cfset user_password = CLIENT.user_password  />
    </cfif>

    <cfif IsDefined( "user_roles" )>
        <cfloginuser name="#user_name#" password="#user_password#" roles="#user_roles#">
    <cfelse>
        <!--- authentication failed - send back 401 --->
        <cfsetting enablecfoutputonly="yes" showdebugoutput="no">
        <cfheader statuscode="401">
        <cfheader name="WWW-Authenticate" value="Basic realm=""MySecurity""">
        <cfoutput>Not authorized</cfoutput>
        <cfabort />
    </cfif>

</cflogin>

<cfoutput><p><a href="http://other.server.com/index.cfm?#CLIENT.urltoken#">other.server.com</a></p></cfoutput>

Now these show the same on both servers:

<cfdump var="#getAuthUser()#">
<cfdump var="#CLIENT#">

Sure, there's much to do here to make the process better and more secure; I've just described the general idea.

Hope this helps.

Sergey Galashyn answered Nov 24 '25 22:11
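
A hardened variant of the answer's Application.cfm, as an added example that is not part of the original answer: it keeps the password out of the shared client store, expires the shared login, and relies on domain cookies instead of putting CFID/CFTOKEN in the link. It assumes the servers are hosts under one parent domain (as other.server.com suggests) with synchronized clocks; the login_time variable and the 30-minute limit are constructed for illustration.

```cfml
<!--- Added example (not the answer's code). Assumes every server is a host under one parent domain. --->
<cfapplication
    name="shared_session_test"
    sessionManagement="true"
    clientManagement="true"
    clientStorage="SharedSessions"
    setClientCookies="true"
    setDomainCookies="true" />

<cflogin>
    <!--- Placeholder check copied from the answer; a real application verifies against its user store. --->
    <cfif IsDefined( "cflogin" ) and cflogin.name eq "admin" and cflogin.password eq "admin">
        <!--- Share identity, roles and login time only; the password never reaches the shared database. --->
        <cfset CLIENT.user_name = cflogin.name />
        <cfset CLIENT.user_roles = "administrators" />
        <cfset CLIENT.login_time = Now() />
    </cfif>

    <!--- Constructed policy: a shared login is honoured for 30 minutes, then the user logs in again. --->
    <cfif IsDefined( "CLIENT.user_name" ) and IsDefined( "CLIENT.user_roles" )
          and IsDefined( "CLIENT.login_time" ) and IsDate( CLIENT.login_time )
          and DateDiff( "n", CLIENT.login_time, Now() ) lt 30>
        <!--- cfloginuser requires a password attribute; give it a throwaway value, not the real password. --->
        <cfloginuser name="#CLIENT.user_name#" password="#CreateUUID()#" roles="#CLIENT.user_roles#">
    <cfelse>
        <!--- Drop stale login data from the shared store, then send back 401 as the answer does. --->
        <cfset DeleteClientVariable( "user_name" ) />
        <cfset DeleteClientVariable( "user_roles" ) />
        <cfset DeleteClientVariable( "login_time" ) />
        <cfsetting enablecfoutputonly="yes" showdebugoutput="no">
        <cfheader statuscode="401">
        <cfheader name="WWW-Authenticate" value="Basic realm=""MySecurity""">
        <cfoutput>Not authorized</cfoutput>
        <cfabort />
    </cfif>
</cflogin>

<!--- The domain cookie carries CFID/CFTOKEN, so the link no longer exposes CLIENT.urltoken. --->
<cfoutput><p><a href="http://other.server.com/index.cfm">other.server.com</a></p></cfoutput>
```

The CFID/CFTOKEN cookie remains the only bearer secret in this setup, so the SharedSessions database and the transport between browser and servers need protecting to match.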