Stillnet Studios

In a couple application’s I’ve found it necessary to send a user to another ColdFusion server, but still maintain their current session. Usually this is for a payment gateway, or encryption process, or some other kind of functionality that only exists on that other server. In CF5 this was pretty straight forward. You set up both servers to access the same client variables database, then provide an HTML link (or a cflocation tag) that jumps the user to the other server, keeping their CFID and CFToken on the URL. The second server will see those URL values and use them, instead of generating new CFID/CFToken values as it normally would. I had both servers setup something like this:

<cfapplication name="myapp"
setclientcookies="Yes"
clientmanagement="Yes"
clientstorage="MyClientVarsDatasource">

This is a little different in CFMX onward. Having the url tokens on the URL still prevents ColdFusion from creating them, and it instead uses the ones provided for the current request – just like we want. But it does not send cookies to the client with these tokens, even though we are specifying setclientcookies=”Yes” in the cfapplication tag (or Application.cfc). So while first page on the new server works (because the CFID/CFToken are still on the URL), if they click a link to access a second page they will have lost their session.

The way to fix this to turn setclientcookies off and set the cookies yourself:

<cfapplication name="myapp"
setclientcookies="No"
clientmanagement="Yes"
clientstorage="MyClientVarsDatasource">

<cfcookie name="CFID" value="#CFID#">
<cfcookie name="CFToken" value="#CFToken#">

This will cause cookies to be set in the browser for this second server, tying their session there.

In the couple times I’ve needed to do this the applications were using Application.cfm files, not Application.cfc. I’m guessing the only consideration when doing this with Application.cfc would be – where would the cfcookie tags go? I’m guessing in OnRequestStart().