SitePoint Sponsor

User Tag List

Results 1 to 22 of 22
  1. #1
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    global variables over two domain names

    I have two domains, the one is gisic.com and the other is dloger.com.


    Code:
    <cfapplication  
        name='myApplication' 
        sessionmanagement='yes'
        sessiontimeout='#createTimeSpan(0,0,20,0)#'
        applicationtimeout='#createTimeSpan(0,0,20,0)#'>
    
    
    <a href='http://www.gisic.com/test/co_variables.cfm'> gisic</a>
    <a href='http://www.dloger.com/test/co_variables.cfm'>dloger</a><br>
    
    
    
    <cfif cgi.SERVER_NAME is 'www.gisic.com'>
    
       <cfset session.co_session='co_session_gisic'>
       <cfcookie name="co.cookie" value='co_cookie_gisic'>
    
    </cfif>
    
    <cfif cgi.SERVER_NAME is 'www.dloger.com'>
    
       <cfset session.co_session='co_session_dloger'>
       <cfcookie name="co.cookie" value='co_cookie_dloger'>
    
    </cfif>
    
    
    <cfoutput>
    #cookie.co.cookie#
    </cfoutput>
    
    <cfdump var="#session#">
    You can see the result of the code above at http://www.gisic.com/test/co_variables.cfm or http://www.dloger.com/test/co_variables.cfm for some days.


    If you clicks the two links taking turn at http://www.gisic.com/test/co_variables.cfm or http://www.dloger.com/test/co_variables.cfm, you will notice the global variables are global over a domain name.

    What I want to tell you with the code above is that all variables, i.e. #cookie.co.cookie#, #co_session#. #sessionid#, #urltoken# are global over a domain name.

    But I like to make it global over two domain names.

    If the domain name is changed from gisic.com to dloger.com or from dloger.com to gisic.com, the global variables are no longer global any more.


    Can I get one global identifier which is over two domain names with your help?

  2. #2
    minister of propaganda silver trophy Rynoguill's Avatar
    Join Date
    Feb 2004
    Location
    Midsouth
    Posts
    1,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The only way this is possible at all of course is if both domains are running on the same box, using the same coldfusion instance. short of that your going to have to write a very complicated webservice system to do this. but assuming that is true, both domains are on the same server, you have two options.

    The first option, which I don't recommend is to store any "global" variables that you want accessible by both sites in the server scope. If you do this, you need to use strict locking and be very careful.

    The second option, which is what I do recommend, is to actually make both websites have the same application name. Then they will both share application and session (and client i believe??) variables across both domains.

    Does this help? Im not certain that I fully understand the question.
    rynoguill
    Ryan Guill, AKA Mark Roman

  3. #3
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Rynoguill
    The only way this is possible at all of course is if both domains are running on the same box, using the same coldfusion instance. short of that your going to have to write a very complicated webservice system to do this. but assuming that is true, both domains are on the same server, you have two options.
    Yes, both domains are on the same server.

    Quote Originally Posted by Rynoguill
    The first option, which I don't recommend is to store any "global" variables that you want accessible by both sites in the server scope. If you do this, you need to use strict locking and be very careful.
    What does the server scope mean?

    (I am using with checked Use J2EE session variables in CFAdministrator > Server Settings > Memory Variables .)


    Quote Originally Posted by Rynoguill
    The second option, which is what I do recommend, is to actually make both websites have the same application name. Then they will both share application and session (and client i believe??) variables across both domains.
    As I test, they don't share session although both sites have the same application name

    As I test, they don't share session although even both domains reach the same one coldFusion server page.

    Quote Originally Posted by Rynoguill
    Does this help? Im not certain that I fully understand the question.
    Yes, it is helpful.(I need more help...) And I think you understand my problem well.


    I use session for logIn.

    If a user logins in a site, I like to make keeping the login not only the site and but also the other site without another login.

  4. #4
    minister of propaganda silver trophy Rynoguill's Avatar
    Join Date
    Feb 2004
    Location
    Midsouth
    Posts
    1,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah, I think i understand your problem now. I don't have an environment readily available at the moment to test this myself, so if you will do me a favor: you say you have the same application name right? can you verify that they do share the same application scope? in one of your domains, set <cfset application.foo = "bar" /> and in the other dump <cfdump var="#application.foo#" />

    hit the application that sets the variable first and then hit the application that dumps it to see if it is defined.

    If so I may have an answer, but its going to take a little work.

    Also, the server scope is just another scope, like session or variables, only that it is global to the entire coldfusion instance, not only to an application or session or page. I don't think you are going to need the server scope for this though.
    rynoguill
    Ryan Guill, AKA Mark Roman

  5. #5
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Rynoguill
    hit the application that sets the variable first and then hit the application that dumps it to see if it is defined.
    Yes, It is, indeed, defined.

    Quote Originally Posted by Rynoguill
    If so I may have an answer, but its going to take a little work.
    I think I've got an important hint for keeping the logIn over both domain names.


    Quote Originally Posted by Rynoguill
    Also, the server scope is just another scope, like session or variables, only that it is global to the entire coldfusion instance, not only to an application or session or page. I don't think you are going to need the server scope for this though.
    What is server scope? Is application.foo is a server scope?

  6. #6
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by joon
    As I test, they don't share session although both sites have the same application name
    I was in the exact same situation and I couldnt get this to work either.

  7. #7
    SitePoint Guru
    Join Date
    Jul 2005
    Posts
    609
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My theory would be that the sites are storing the Session ID information in client cookies, and cookies cannot be read across the domains, and therefor a new session is created.

  8. #8
    minister of propaganda silver trophy Rynoguill's Avatar
    Join Date
    Feb 2004
    Location
    Midsouth
    Posts
    1,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by joon
    What is server scope? Is application.foo is a server scope?
    Server scope is just another scope like session or application, only the variables inside of it are available across the entire coldfusion server. to see the server scope variables you can use <cfdump var="#server#" />. It will show you your coldfusion version number there too.

    To store something in the server scope, you just use it like any other variable:

    <cfset server.foo = "bar" />

    only you need to strictly use locking because race conditions are common with shared scopes like this. The server scope is good for some sort of configuration details that need to be available server wide, but other than that you really shouldn't use it. Especially in a shared hosting environment!!

    I have been thinking about this all weekend, and since as I had suspected the application scope is shared across your domains if you use the same application name in your cfapplication tag, I know this could be possible, but its going to be quite difficult.

    Like Chrisk said, the problem with your session variables not carrying over is because of the domain name itself: the cfid and cftoken is stored in a cookie in the clients browser, and the cookie is for a very specific domain. When that domain changes, coldfusion realizes this and sets a new, different cookie giving you a new cfid and cftoken.

    Basically, there are a few ways of going about this and all have their problems. You can do what google does for one. All of googles domains are something.google.com. So all of their session id's (similar to our cfid and cftokens) are set using the domain .google.com. This allows any subdomain to access those cookies, but only works if you are using subdomains, it wouldnt work if you are using a.com and b.com.

    You could come up with a complex scheme of putting an service object in your application scope to manage sessions, but this would be a lot of work and you would still have to find some way to uniquly identify a client browser which is no small feat. Especially if this is a public facing website where you cannot really depend on cookies.

    im sure there would also be a way to do this with a flash local data object, but this is beyond me at this point.

    unfortunately, I dont really have an environment available right now to test this sort of thing so I dont know how much help I can be. Personally, I would do some more research into the way google does things, and see if you can find a reliable way to know who is who on a client side (short of the person logging in.) If you can keep track of the individual browser consistently, you could get a lot further.
    rynoguill
    Ryan Guill, AKA Mark Roman

  9. #9
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Rynoguill
    Like Chrisk said, the problem with your session variables not carrying over is because of the domain name itself: the cfid and cftoken is stored in a cookie in the clients browser, and the cookie is for a very specific domain. When that domain changes, coldfusion realizes this and sets a new, different cookie giving you a new cfid and cftoken.
    When I realized this was going on, I began to look for the solution of my problem in a lateral direction, going back to "what do I really need to have happen" .. I ended up with the idea to pass secure url variables between the sites with cfusion_encrypt() function.

    Securing your applications URL variables

    Looking at the posts, Im not really sure what your trying to do by sharing the variables..

    Maybe you can create your own 'session' system and your own unique ID and store it in the db. If both sites access the same pages / functions, I dont see why it couldnt share data..

  10. #10
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Rynoguill
    I have been thinking about this all weekend, and since as I had suspected the application scope is shared across your domains if you use the same application name in your cfapplication tag, I know this could be possible, but its going to be quite difficult.

    I found the following by several tests

    (1) application scope doesn't discriminate domains and doesn't discriminate browsers.

    (2) session scope does discrimnate and does discriminate browsers.


    If a scope doesn't discrimnate domains, it means I can use same identifier across domains.

    If a scope doesn't discrimnate browsers, it means I can't discrimnate each member which approachs with different browsers.

    So in order to make the logIn meaningful,
    I like to find any variables which does discriminate browsers but doesn't discriminate domains.

    Can I get such scope with your help?


    Quote Originally Posted by Rynoguill
    I dont really have an environment available right now to test this sort of thing
    You don't need to have an environment available right now to test this sort of thing.

    You just tell your thinking on this sort of thing, I'll test it.


    Quote Originally Posted by Rynoguill
    I dont know how much help I can be.
    I know your comment will be great helps.

  11. #11
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    (1) application scope doesn't discriminate domains and doesn't discriminate browsers.
    This is similar to what I said as a solution. You need to either save the info in an app level variable structure /or/ store it in your own system in a database that both sites mutually access.

  12. #12
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MCsolas
    You need to save the info in an app level variable structure
    What is app level variable structure? Does it mean application variables which is set by the code like <cfset application.member='Tom'>?



    Quote Originally Posted by MCsolas
    store it in your own system in a database that both sites mutually access.
    store application variables or session variables in my database?

    (fortunately the two sites mutually access a database of mine.)

  13. #13
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by joon
    (fortunately the two sites mutually access a database of mine.)
    I had a feeling this might be the case ( when you referred to reaching the same pages )

    In either case, your answer is the same. If you want to save the info .. you have to create your own login system. In particular, you need to create a variable called "mySessionID" and store it in a dataset.

    UserTableRowID | CreateUUID()

    Then whatever UUID is created, pass that in the url. This will now allow both sites to do a query against this dataset ( I like to use cached queries for this type of work ) ..

    Otherwise, I wouldnt know how to persist a unique value to 'hold on to' across 2 domains.

    Trust me, Ive already been in this boat, hacked it and was about to post a similar but much more detailed post on the subject when I came across this thread...

  14. #14
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by joon
    What is app level variable structure? Does it mean application variables which is set by the code like <cfset application.member='Tom'>?
    store application variables or session variables in my database?
    sorry if my last post isnt a cf solution - your asking a lot inside those questions.

    Application.MyUserSystem.CachedQueryLoggedInUsers
    or
    Appication.Users.Live

    The variable (.Live) would probably be a query if I programmed the solution.

    * Not responsible if this solution blows up your webserver. I dont generally do this.

    ** Why I also suggest temporary tables

  15. #15
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MCsolas
    UserTableRowID | CreateUUID()
    Let's suppose mySessionID for a user is "Tom"


    Should I save it like the below.

    Code:
    data in myTable
    
    (id) sessionID
    
    (1)  Tom
    If data in myTable above is right, How can I make keeping the logIn when he moves to a site to the other site with the data in myTable above?

  16. #16
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by usachrisk
    My theory would be that the sites are storing the Session ID information in client cookies, and cookies cannot be read across the domains, and therefor a new session is created.
    How can a new session be created if cookies cannot be read across the domains?

    How can I keep the identity of session across domains?

  17. #17
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    CreateUUID(), always pass it when the user switches sites. Then when the person lands.. try this code:
    <cfid isdefined(url.uuid)>run a function that looks up the table info, you have now passed any data you need</cfif>

    Im taking this a step further and using the encryption method. Im going to pass the link with a seeded, encrypted login / password. Just because Im crazy like that.

  18. #18
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MCsolas
    CreateUUID()
    The full word for USA is United States of America.
    Then, what is the full word for UUID?


    Quote Originally Posted by MCsolas
    CreateUUID(), always pass it when the user switches sites. Then when the person lands.. try this code:
    <cfid isdefined(url.uuid)>run a function that looks up the table info, you have now passed any data you need</cfif>
    I have to make that it always has a url parameter "url.uuid" whenever a user switches sites?

  19. #19
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Check out the cf documentation on the function..

  20. #20
    Take The Blue Pill neilmerton's Avatar
    Join Date
    Jul 2004
    Location
    Leicester, UK
    Posts
    871
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    UUID = Unique Uniform Identifier ?

  21. #21
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    CreateUUID
    Creates a Universally Unique Identifier (UUID). A UUID is a 35-character string representation of a unique 128-bit integer.

    At this point Im copying and pasting out of the cf documentation, which means its time to go read..

  22. #22
    Get my greedy down dotJoon's Avatar
    Join Date
    Apr 2003
    Location
    daejeon, South Korea
    Posts
    2,223
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MCsolas
    CreateUUID
    Creates a Universally Unique Identifier (UUID). A UUID is a 35-character string representation of a unique 128-bit integer.

    At this point Im copying and pasting out of the cf documentation, which means its time to go read..
    Thank you for your continous conern.


    I made the code below.

    Code:
    http://www.myDomain1.com/createuuid.cfm
    
    <h3>CreateUUID Example</h3>
    <p> This example uses CreateUUID to generate a UUID 
    when you submit the form. 
    You can submit the form more than once. </p>
    
    <!--- Checks whether the form was submitted; if so, cre
    ates UUID. --->
    
    <cfif IsDefined("Form.CreateUUID") Is True>
       <hr>
       <p>Your new UUID is: <cfoutput>#CreateUUID()#</cfoutput></p>
    </cfif>
    
    <form action = "createuuid.cfm">
    <p><input type = "Submit" name = "CreateUUID"> </p>
    </form>
    Although I submit the button, It seems My new UUID is not created.

    How can I create the new UUID?
    What code do I need to add for creating UUID?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •