Coldfusion Pass Session Variables from 1 Application to another

Hi, I have two entire different stated/defined applications.  One application has a login system.  I'd like to pass the login variables (session.login , session.userid) from the application that establishes them to the application that doesn't have them.  How do I go about something like this?

Thanks for any help.
Who is Participating?
Sure, it's easy.   A hash is a one-way encryption.  

The coldfusion function hash() does it.   So if you hash(123) you may get XLKJDFLKDJFLKJ91820
So you store both values in a cookie.   Then after your read the 123, you check the hash to see if they match, you do this by simply rehasing the 123 and seeing if it matches the cookie hash.

Set the user_id and the hashed user_id to the cookies...
 <cfset user_ID = 123>
 <cfcookie name="theID" value="#user_id#">
 <cfcookie name="theCode" value="#hash(user_id)#">

Now read them...
 <cfset user_id = cookie.user_id>
 <cfif  cookie.theCode is NOT hash(user_id)>
     ALERT USER_ID has changed! <cfabort>

But to do a really good job of this, you need to add a little "salt"  (yes it's really called that)
That means you take a secret word and combine it with your user_id when you hash it.  That makes it impossible for someone to fake the user_id AND fake the hash!

In your application.cfm file you can setup a global variable to hold your secret password
<cfset application.salt = "ASecr3t!@W0rD#$$">

Then add it to the hash...
<cfcookie name="theCode" value="#hash(user_id & application.salt)#">

Of course when checking, you must include it there as well...
 <cfif  cookie.theCode is NOT hash(user_id & application.salt)>

erikTsomikSystem Architect, CF programmer Commented:
the session variables once established can be called by its name
wkolasaAuthor Commented:
When I'm in, let's call the applicationA and applicationB...  when I switch to applicationB (sep. application.cfm file establishing its own session management, etc...), applicationA's session variables aren't accessible when calling them by name.  Can I call them like this:  applicationA.session.userid  ??
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

I do something similar i think that you need to do by passing the session over 2 domains. On the link that leaves domain one I leave the tokens in the URL, Then in domain two I reassign them. For example:
//Domain 1 has
<a href="">Link>
//On domain 2 i catch the URL and reassign the vars
<cfif isdefined("URL.CFID") AND URL.CFID NEQ "">
	<cfcookie name="CFID" value="#URL.CFID#">
	<cfcookie name="CFTOKEN" value="#URL.CFTOKEN#">
//Please note though that this will only work if both domaisn or apps are on the same server.

Open in new window

If you only need a couple session variables, such as login (user_id), you can place them in a browser cookie to be grabbed by the other application.  

If you need a lot of session information, then rather than impersonating the other session, just use the same application name in your cfapplication tag.  Then both apps will share the same sessions.
wkolasaAuthor Commented:
Both app's use different login systems (I have no idea why, I'm new to this company.  I can tell you that no system at this company makes any sense whatsoever... too many 'contractors' over too many years).  So, b/c they both use their own session.whatevers for logins and other things, I'm stuck having to devise a secure way of passing around loginIDs & userNames.  
So, it sounds like you don't want to share their sessions, only their logins.  I would use the browser cookie approach.

<cfcookie name="SysA_User_ID" value="123">

With no expiration date, the cookie will not be written to disk and will disappear when the browser is closed.

You can also add a hashed value to ensure someone is not trying to hack into the other system by adding their own cookie with user_id
wkolasaAuthor Commented:
I know very little about adding hashed values... do you have an example?
wkolasaAuthor Commented:
Thank you!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.