0 Replies Latest reply on Mar 26, 2013 9:17 PM by devlosh

    Coldfusion 10 : jessionid not working when passed in url


      We are migrating from ColdFusion 8 to 10. Our application is having functionality written in .NET as well however the session is maintained in coldfusion only.

      current architecture in Coldfusion 8 for .net and CF integration:

      1. Session is set when user logs in to the app (In CF). (We are using J2EE session.)
      2. when a user clicks on .net link, Jsessionid,CFID and CFTOKEN are passed to .net page via url.
        Inside .net code the following steps are done to check session.

      2a. call a common function which will do a coldfusion file request (chkSession.cfm) with jsessionid in url.

      2b. chkSession.cfm will return session.UID if available else will return -1. Session.UId will be available if the jsessionid in url is valid.

      2c. .net page will be loaded if valid UID is returned. User will be redirected to login page if -1 is returned.

      Issue in CF 10:

      In CF 10 , always we are getting -1. I read that as part of security enhancement in cf10, we will not be able to recreate a Coldfusion session by passing cfide, cftoken, jsessionid in url.

      I would like to get your advice on what is the best way to make our .net functionalties work in Coldfusion 10. is there any better way to check coldfusion session from .net ? One option I can think of is using database. I looking forward to a solution that can be implemented quickly and is robust.


      Thanks, Devlosh