NYCPHP Meetup

NYPHP.org

[nycphp-talk] Maintaining sessions between PHP and CFs

Mark Armendariz nyphp at enobrev.com
Wed Mar 9 04:39:05 EST 2005 

> I've done this, albeit "asynchronous," meaning that folks were logging
> into a CF application and I wanted them to be authenticated securely on a
> remote PHP server.
> 
> When the user logged in at the CF site, a single line of CF code did the
> trick, and "called-ahead" to the PHP application.  I forget the exact
> syntax in CF, but it was something like this:
> 
> <cfhttp
> request=http://my.php.site.com/protected/preauth.php?sessionid=kdj39ks932k
> 98s>

This had crossed my mind.  As a matter of fact, I'm using similar means to
clock my MySQL queries (currently with adodb's logger and performance
functionality).  And if I didn't have control over the CFAdmin, this is most
likely the way I'd go.

I had this notion that there had to be a way to use the session data across
languages.  After all, it's all just data stored *somewhere on the server.

Well, Cold Fusion 'Session' variables are stored in RAM, with no options to
store them in a database.  This wouldn't do.

It turns out though, that their 'Client' scope (which is meant for prolonged
client session vars - server side) can be stored in the database AND can be
made to act like their session variables (expiring upon browser close).

I chose my db, it created the tables and now every session carries a record
in my database with a # delimited list of values (no structures, although I
could probably WDDX something together if I gave a damn about complexity).

Just as well, a CFID/CFTOKEN pair is given to every browser (or added to
links should cookies be disabled).  So I use that cfid cookie / param,
search the CF client's database for the user's session and viola.

I've been doing it in a very basic manner thus far.  I'm sure I'll write
some sort of session handler for it one of these days - time permitting, but
for now I'm all set.

Best of all, it was a quick and easy solution without having to build /
replace any internal functionality.  I can update the CF client variables
via sql calls and when the user returns to a CF page the cookie will be
there so the session will remain active.  I'll probably have to add
CFID/CFTOKEN's to url's for non-cookie setups...

Ok, now back to my 'explains' and query tweaks.

Thank you all for your great responses!

Mark

More information about the talk mailing list