

In conclusion, it seems that the SESSION memory scope is tied to an application, not just to a CFID / CFTOKEN combination. Interesting, I would assume there would be some sort of validation here, but I guess the CFID / CFTOKEN values are more of an ID marker rather than a systems integration value. I understand that ColdFusion is designed to accept CFID and CFTOKEN values passed in the URL, but the CFID and CFTOKEN passed in this case were not created by the ColdFusion application that created the destination session.

is to use structure functions to ensure that the variable is defined in the scope we are expecting: if (session.keyExists(isloggedin) session.

However, it is peculiar that the CFID and CFTOKEN passed in the URL were copied into the SESSION ID information. Because the SESSION.App value is different, it means that the second application, AppB, was the one that created the user session dumped out in the index page. Also notice that the SESSION.App value is AppB, NOT AppA.

Notice that the CFID and CFTOKEN values are the same in the URL and in the SESSION scope (12776230 respectively). Then, I have a simple index page which merely throws the user, via a CFLocation tag, up a directory and into another application: This way, I can dump out the session and see where it originated.

The only thing of importance here is that the application's name is AppA and that in the OnSessionStart() application event method, I am storing the name of the application into the session.
