If I have multiple CF8 servers, can a user log in on one server, but share the login credential among all servers (no re-login required)?

+7  A: 

Maybe the question is about sharing a session? This can be done using serialized J2EE sessions or using shared client variables.

For example, this can be done in the following way.

Create an empty database on one of the servers (I've created a MySQL one). Create datasources pointing to this DB on all CF servers. Use this datasource as the Server Settings > Client Variables > client sessions storage with the name SharedSessions (we'll use it later).

If we're using cflogin in Application.cfm on all servers, its code can look like this (simplified):

<cfapplication
    name="shared_session_test"
    sessionManagement="true"
    clientmanagement="true"
    clientstorage="SharedSessions" />

<cflogin>

    <cfif IsDefined( "cflogin" ) and cflogin.name eq "admin" and cflogin.password eq "admin">
        <cfset user_roles = "administrators" />
        <cfset user_name = cflogin.name />
        <cfset user_password = cflogin.password />
    </cfif>

    <cfif IsDefined( "user_roles" )>
        <!--- push login params into shared client scope --->
        <cfset CLIENT.user_roles = user_roles />
        <cfset CLIENT.user_name = user_name />
        <cfset CLIENT.user_password = user_password />
    <cfelseif IsDefined( "CLIENT.user_roles" )>
        <!--- restore login params from shared client scope --->
        <cfset user_roles = CLIENT.user_roles />
        <cfset user_name = CLIENT.user_name  />
        <cfset user_password = CLIENT.user_password  />
    </cfif>

    <cfif IsDefined( "user_roles" )>
        <cfloginuser name="#user_name#" password="#user_password#" roles="#user_roles#">
    <cfelse>
        <!--- authentication failed - send back 401 --->
        <cfsetting enablecfoutputonly="yes" showdebugoutput="no">
        <cfheader statuscode="401">
        <cfheader name="WWW-Authenticate" value="Basic realm=""MySecurity""">
        <cfoutput>Not authorized</cfoutput>
        <cfabort />
    </cfif>

</cflogin>

<cfoutput><p><a href="http://other.server.com/index.cfm?#CLIENT.urltoken#">other.server.com</a></p></cfoutput>

Now these show the same on both servers:

<cfdump var="#getAuthUser()#">
<cfdump var="#CLIENT#">

Sure, there's much to do here to make the process better and more secure; I just described the general idea.

Hope this helps.

Sergii
This was an excellent and very clean write-up. +1
rip747
This solution only works when both CF instances are under the same server, or clustered, right?
Henry
@Henry I've used this solution for different servers. Even more, one of them was on a Linux box, the other on Win3k. The shared DSN was on the Windows one, so the other needs to have (quick enough) access to it, say by being in the same datacenter. Haven't tried it in a cluster, sorry.
Sergii
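The link in the answer above appends #CLIENT.urltoken#, which puts the CFID and CFTOKEN pair into the query string, so both values end up in web server access logs and in Referer headers. As an added example (not part of the original answer), this Python check scans combined-format log lines for such pairs and lists CFIDs used from more than one client address; the log lines, the www.server.com host and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the page).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2010:10:01:02 +0000] "GET /index.cfm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2010:10:01:09 +0000] "GET /index.cfm?CFID=1204&CFTOKEN=48151623 HTTP/1.1" 200 512 "http://www.server.com/index.cfm" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2010:10:02:30 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "http://other.server.com/index.cfm?CFID=1204&CFTOKEN=48151623" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2010:10:05:11 +0000] "GET /report.cfm?cfid=1310&cftoken=7a9c1e52-beef HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.77 - - [12/Mar/2010:10:20:00 +0000] "GET /index.cfm?CFID=1204&CFTOKEN=48151623 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, request target and Referer are the only fields needed here.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def session_ids(url):
    """Return (CFID, CFTOKEN) when both are in the URL's query string, else None."""
    query = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "cfid" in query and "cftoken" in query:
        return query["cfid"], query["cftoken"]
    return None

def find_exposures(log_text):
    """List every request target or Referer that carries a CFID/CFTOKEN pair."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        for field in ("target", "referer"):
            ids = session_ids(m[field])
            if ids:
                # Keep only the token's last 4 characters so the report is not a second leak.
                findings.append({"line": lineno, "field": field, "ip": m["ip"],
                                 "cfid": ids[0], "token_tail": ids[1][-4:]})
    return findings

def cfids_seen_from_multiple_ips(findings):
    """Map each CFID used from more than one client IP to the sorted IP list."""
    ips = defaultdict(set)
    for f in findings:
        ips[f["cfid"]].add(f["ip"])
    return {cfid: sorted(addrs) for cfid, addrs in ips.items() if len(addrs) > 1}

if __name__ == "__main__":
    print(cfids_seen_from_multiple_ips(find_exposures(SAMPLE_LOG)))
```

A CFID reported from more than one address is a prompt to review that session rather than proof of misuse, since proxies and mobile networks change client addresses.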