NYCPHP Meetup

NYPHP.org

[nycphp-talk] Maintaining sessions between PHP and CFs

Mark Armendariz nyphp at enobrev.com
Wed Mar 9 04:39:05 EST 2005 

> I've done this, albeit "asynchronous," meaning that folks were logging
> into a CF application and I wanted them to be authenticated securely on a
> remote PHP server.
> 
> When the user logged in at the CF site, a single line of CF code did the
> trick, and "called-ahead" to the PHP application.  I forget the exact
> syntax in CF, but it was something like this:
> 
> <cfhttp
> request=http://my.php.site.com/protected/preauth.php?sessionid=kdj39ks932k
> 98s>

This had crossed my mind.  As a matter of fact, I'm using similar means to
clock my MySQL queries (currently with adodb's logger and performance
functionality).  And if I didn't have control over the CFAdmin, this is most
likely the way I'd go.

I had this notion that there had to be a way to use the session data across
languages.  After all, it's all just data stored *somewhere on the server.

Well, Cold Fusion 'Session' variables are stored in RAM, with no options to
store them in a database.  This wouldn't do.

It turns out though, that their 'Client' scope (which is meant for prolonged
client session vars - server side) can be stored in the database AND can be
made to act like their session variables (expiring upon browser close).

I chose my db, it created the tables and now every session carries a record
in my database with a # delimited list of values (no structures, although I
could probably WDDX something together if I gave a damn about complexity).

Just as well, a CFID/CFTOKEN pair is given to every browser (or added to
links should cookies be disabled).  So I use that cfid cookie / param,
search the CF client's database for the user's session and viola.

I've been doing it in a very basic manner thus far.  I'm sure I'll write
some sort of session handler for it one of these days - time permitting, but
for now I'm all set.

Best of all, it was a quick and easy solution without having to build /
replace any internal functionality.  I can update the CF client variables
via sql calls and when the user returns to a CF page the cookie will be
there so the session will remain active.  I'll probably have to add
CFID/CFTOKEN's to url's for non-cookie setups...

Ok, now back to my 'explains' and query tweaks.

Thank you all for your great responses!

Mark

More information about the talk mailing list
Automatic Email Organization without missing anything!