NYCPHP Meetup

NYPHP.org

[nycphp-talk] Maintaining sessions between PHP and CFs

Hans Zaunere lists at zaunere.com
Tue Mar 8 16:44:55 EST 2005 

I’ve done this, albeit “asynchronous,” meaning that folks were logging into a CF application and I wanted them to be authenticated securely on a remote PHP server.

When the user logged in at the CF site, a single line of CF code did the trick, and “called-ahead” to the PHP application.  I forget the exact syntax in CF, but it was something like this:

<cfhttp request=http://my.php.site.com/protected/preauth.php?sessionid=kdj39ks932k98s>

The protected/ directory was protected by IP restrictions, and not linked to from anywhere.  The sessionid was a md5 hash.

So, naturally, the user would login on the CF side, which would call ahead to the PHP application.  This was only done once, since all I needed to do was keep track of whether they’ve authenticated or not, and it was asynchronous, that is the PHP application never called back to CF.

But the same principal could easily be applied and expanded upon.  For instance, both the CF and PHP applications would have hidden pages, and object/arrays/etc could be serialized or converted to GET/POST/cookies to transport the information.  Simply forming your own HTTP requests would give you a lot of flexibility – you could even imbed the information into the HTTP header if you wanted.  You could use XML for this, but I don’t really see any advantage, unless your session data is extremely complex, which it shouldn’t be any way ☺

H


________________________________________
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Mark Armendariz
Sent: Monday, March 07, 2005 8:41 PM
To: 'NYPHP Talk'
Subject: [nycphp-talk] Maintaining sessions between PHP and CFs

My client’s site is all Cold Fusion right now (been writing / maintaining it for about 5 years now), but some things are just far more efficient with PHP and since the traffic is growing exponentially, I’d like to utilize the best of both worlds.

I just converted the database from SQL Server to MySQL since I’m far better at tweaking with MySql.  I figure I can put the sessions in the database and carry them over between the two.  Probably CF Client Variables and a custom session handler in php, I suppose.

This job is nearing it’s budget limits, so I’d rather use something already in use rather than take the time to write something.  Have any of you ever done this or know of any libraries that exist for this?

(PHP 4.3.1 and CFMX 6.1 on IIS using MySql 4)

Thanks!

Mark Armendariz

More information about the talk mailing list