Quick Tip: Store Structures in Client Variables Using WDDX So They Can Be Clustered

May 22, 2000
Michael Smith, of TeraTech, Inc., forwarded the following Tip for Session Variables, based on a dialog among Craig H. Danaclese, Daniel Haigh, David King, Geoffrey Bowers, and Joel Cass.

The question was whether session variables could be kept when moving into a secure area, or whether one would need to fall back on form or URL variables. The answer is that they are not kept. Session management is maintained with cookies on the client's computer, but for security reasons a browser only sends a cookie back to the host that set it, so cookies that identify the user are only sent to the server if the domain name matches. When the domain name changes, as when moving from the main site to a separately named secure server, the cookie isn't sent from the browser; ColdFusion doesn't know who the client is and doesn't give access to the session variables.

One piece of advice given was to pass the information using a URL parameter or a form. However, another webmaster went back to cookies, because passing such information through URLs "is unwise and far less secure." He also recommended buying a separate security certificate (which keeps the secure pages on the same domain as the cookie), and noted that cookies also reduced the frustrating problem of session variables timing out erratically. On the other hand, a third webmaster noted that "Cookies are almost as insecure as URL parameters in a non-SSL environment."

Finally, Joel Cass suggested that, "Since session variables seem to be linked to client variables ... if you have a database server that is accessible to yourself and the ISP, create a data source on that server, specifically for storing client variables, which can be set up through the administrator.

"Now, when relocating the user to the secure server, try appending the cftoken and cfid cookie variables to the URL, or use a <cflocation addtoken="yes"> to the secure server.

"It's a long shot, but if your setup can handle it, the solution could work."

Geoffrey Bowers offers one cautionary note: "Both client variables and session variables use CFID/CFTOKEN either as a cookie or URL parameter.

"In a clustered environment session variables ARE NOT shared across the servers. There are workarounds though, including "sticky" session management where the user is forced back to the same server each time.

"If you use client variables (and these are quite distinct from session variables), they can certainly be stored in a central repository. The problem is that client variables can only be simple text values and you can't use arrays or structures.

"A clever trick you can use is to store session information in the client variables with WDDX. That allows you to use complex data types and still use client variables."

This is such a good idea that Fred Sanders has written CF_Roaming_Sessions and put it in the Allaire tag gallery to make the process more transparent. The tag's description reads: "Allows Session Variables in a Load Balanced Environment Without Resorting to 'Session Aware Load Balancing,' using WDDX packets."
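The trick Geoffrey Bowers describes above, written out as an added CFML example (not code from the mailing list, from CF_Roaming_Sessions, or from the original page). The datasource name `clientStore`, the hostname `secure.example.com`, the file names and the sample cart contents are assumptions; the datasource is expected to have been created in the ColdFusion Administrator on a database server that both the main and the secure server can reach, as Joel Cass suggests.

```cfml
<!--- Application.cfm (assumed name): identical on both servers, pointing at the shared datasource --->
<!--- clientStore is an assumed datasource name; clientstorage must be a DSN created in the Administrator --->
<cfapplication name="shopDemo"
               clientmanagement="yes"
               clientstorage="clientStore"
               sessionmanagement="yes"
               setclientcookies="yes">

<!--- save_cart.cfm on the main (non-secure) host --->
<!--- constructed sample data standing in for whatever the real session holds --->
<cfif not isDefined("session.cart")>
    <cfset session.cart = structNew()>
    <cfset session.cart.items = arrayNew(1)>
    <cfset session.cart.items[1] = "SKU-1001">
    <cfset session.cart.items[2] = "SKU-2042">
    <cfset session.cart.total = 59.90>
</cfif>

<!--- client variables can only hold simple strings, so serialise the structure
      (nested array included) into a WDDX packet before storing it --->
<cfwddx action="cfml2wddx" input="#session.cart#" output="cartPacket">
<cfset client.cartPacket = cartPacket>

<!--- Do not put passwords, card numbers or similar secrets in the packet: it sits in the
      shared client-variable database until purged, readable by anyone with DB access. --->

<!--- Hand off to the secure host. addtoken="yes" appends CFID and CFTOKEN to the URL because
      the cookie will not follow the user to a different hostname. Those two values are now the
      whole credential and will appear in proxy and web-server logs and in Referer headers,
      which is the weakness the thread warns about. --->
<cflocation url="https://secure.example.com/checkout.cfm" addtoken="yes">

<!--- checkout.cfm on the secure host: CFID/CFTOKEN from the URL select the same client record --->
<cfif isDefined("client.cartPacket") and isWDDX(client.cartPacket)>
    <!--- well-formed packet: rebuild the structure and re-seat it in this server's session --->
    <cfwddx action="wddx2cfml" input="#client.cartPacket#" output="cart">
    <cfset session.cart = cart>
<cfelse>
    <!--- missing or malformed packet: start clean rather than trust partial data --->
    <cfset session.cart = structNew()>
    <cfset session.cart.items = arrayNew(1)>
    <cfset session.cart.total = 0>
</cfif>

<cfoutput>
    #arrayLen(session.cart.items)# item(s) in cart, total #dollarFormat(session.cart.total)#
</cfoutput>
```

The `isWDDX()` check matters because the client store is shared: a truncated or hand-edited packet would otherwise throw inside `cfwddx` on the secure page. The same serialise-on-write, deserialise-on-read pattern is what makes client variables usable as the shared store in a load-balanced cluster, where session variables are local to each server.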

Source: ACFUG Mailing List
