3 Replies Latest reply on Feb 1, 2007 11:08 AM by mvierow

    Sneaky way to call a ColdFusion page...

    Skemcin
      As my topic title/summary elude to, I am curious to know if anyone has successfully used the <img> tag to call a coldfusion page. This is an alternative to the <iframe> I am exploring for a single sign on solution.

      <img src=" http://www.externaldomain.org/sso-cookie.cfm?ssotoken=123456798" alt="runs script on extrernaldomain.org" /><br />


      I have sso-cookie.cfm page running some code and then returning a 1 pixel gif via <cfcontent>. But I want to set a cookie and or create a session from the call. It sort of make sense that I might only be able to run server side logic since the client would only be expecting an image back and therefor not be capable of utilizing any client side functions - i.e cookies.

        • 1. Re: Sneaky way to call a ColdFusion page...
          cpayne624
          Skemcin-

          I've certainly done some server-side processing via an image with CF before (for example, verifying that requests are local before showing photos) so that shouldn't be a problem.

          I haven't tried setting a cookie for an external domain, though... so I don't know if your cookie will be recognized when the user hits externaldomain.org. I'd suspect there are some sort of security implications with that. I'd be curious to see how this behaves...

          -Courtney
          • 2. Re: Sneaky way to call a ColdFusion page...
            Level 7
            > As my topic title/summary elude to, I am curious to know if anyone has
            > successfully used the <img> tag to call a coldfusion page.

            http://www.depressedpress.com/Content/Development/JavaScript/Articles/GIFAsPipe/Index.cfm

            Although it's a slightly outdated (and cumbersome) approach, it'll do
            exactly what you're after. You might want to do a search on AJAX, which is
            easier to do and more flexible.

            --
            Adam
            • 3. Re: Sneaky way to call a ColdFusion page...
              mvierow Level 1
              So what's the problem? There's no issues with doing this, except for people who choose the option to accept cookies from the originating domain only.. There's no way to track the session from an external site using the URL unless that external site is tracking it for you, like you've done in your example. You'll need to be really clever here if you want to avoid some issues. Otherwise you can hope people are accepting cookies from any source and move on knowing that your results may not be all that accurate if reliable sessions is what you are after.

              Turn on cookie alerts and browse around and see how many times your prompted to accept cookies from ad.doubleclick.net, or open an email advertisement and look at the source and see how many images have your email address or some type of unique referral in them to track if you've opened the email or not. This is a widely used technique, and one that a lot of spyware filters help people avoid. Keep all this in mind when you exercise the reliability of this technique.