Skip to main content
A
Adrian Ciocalau
Known Participant
June 17, 2011
Answered

SESSION variables across subdomains. How to make them visible?

  • June 17, 2011
  • 1 reply
  • 7904 views

Hi everybody!

I have a website and for some reasons, many subdomains, as part of the same website. Some kind of mainstore.com and phones.mainstore.com, laptops.mainstore.com, and so on.

The problem I am facing is I can't make SESSION variables (and COOKIES) visibile between them. If I login from the first page (mainstore.com) everything is ok, but if I then navigate to phones.mainstore.com, the website is showing me I am not logged in, of course, because SESSION variable used to check if a user is logged in or not is not visible on that subdomain.

I read a lot of articles about this problem, some of them are offering solutions but none worked for me.

Here are the facts:

ColdFusion 9 Enterprise

Windows Server 2008

IIS7

And this is my <CFAPPLICATION> statement:

<CFAPPLICATION NAME="appName" CLIENTMANAGEMENT="No" SETCLIENTCOOKIES="Yes" SETDOMAINCOOKIES="Yes" SESSIONMANAGEMENT="Yes" SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 20, 0)#">

Do you have any idea how to make SESSION variables and COOKIES visible between all subdomains of the same domain?

Thank you!

    This topic has been closed for replies.
    Correct answer BKBK

    I have changed the files to create one SESSION variable, and one COOKIE. Seems that the COOKIE is visible from the subdomain, but the SESSION is not. Here are the two files again:

    http://www.viaromania.eu/create_session.cfm

    <cfset SESSION.test_session = "Hello SESSION!">

    <cfcookie name="test_cookie" value="#Now()#" domain=".viaromania.eu">


    <cfoutput>

    <p>SESSION.test_session = #SESSION.test_session#</p>

    <p>COOKIE.test_cookie = #COOKIE.test_cookie#</p>

    </cfoutput>

    http://www.viaromania.eu/test_session.cfm (notice the link is accessing the file from the main domain, not the subdomain)

    <p>

    <cfif IsDefined("SESSION.test_session")>

    <cfoutput>SESSION.test_session = #SESSION.test_session#</cfoutput>

    <cfelse>

    SESSION.test_session is not defined!

    </cfif>

    </p>


    <p>

    <cfif IsDefined("COOKIE.test_cookie")>

    <cfoutput>COOKIE.test_cookie = #COOKIE.test_cookie#</cfoutput>

    <cfelse>

    COOKIE.test_cookie is not defined!

    </cfif>

    </p>

    If you access the test file from the subdomain - click here: http://litoral.viaromania.eu/test_session.cfm it will see the COOKIE but not the SESSION...

    So, you're right! The COOKIE is visible but the session not! Any ideas why?

    Adrian.


    Do it manually and tell us what happens. To do it manually, set setClientCookies to "no" and then use this code

    <cfcookie name="CFID"
    domain=".viaromania.eu"
    value="#session.cfid#">

    <cfcookie    name="CFTOKEN"
    domain=".viaromania.eu"
    value="#session.cftoken#">

    <cfcookie name="JSESSIONID"
    domain=".viaromania.eu"
    value="#session.sessionid#">

    1 reply

    Owainnorth
    Owainnorth
    Inspiring
    June 17, 2011

    This is exactly what the "setdomaincookies=true" is meant to be more.

    I'd start debugging the problem by simply writing a cookie with one site, and making sure it can be read by the other. Then start working out why sessions aren't working once you know that's doing what it should do.

    A
    Adrian CiocalauAuthor
    Known Participant
    June 17, 2011

    I created two files:

    http://www.viaromania.eu/create_session.cfm

    <cfset SESSION.test_session = "Hello SESSION!">

    <cfoutput>#SESSION.test_session#</cfoutput>

    http://litoral.viaromania.eu/test_session.cfm

    <cfif IsDefined("SESSION.test_session")>

         <cfoutput>#SESSION.test_session#</cfoutput>

    <cfelse>

         SESSION.test_session is not defined!

    </cfif>

    Click on the first link and you'll see the session value displayed.

    Then click on the second link, and you'll see the session variable is not defined.

    A
    Adrian CiocalauAuthor
    Known Participant
    June 17, 2011

    MacLaeod wrote:

    When users log in I create a structure like this:

    <cfset SESSION.user = StructNew()>

    <cfset SESSION.user.id = 1>

    <cfset SESSION.user.first_name = "John">

    ...

    and so on...

    Then I check if the SESSION.user variable is defined and the ID it's ok to check if the user is logged in or not.

    I did a <CFDUMP VAR="#SESSION#"> and on the maindomain.com I see a bunch of SESSION variables created because I am logged in, but on the subdomain.maindomain.com the only SESSION variables created by default by the system are:

    struct
    sessionid843015a72de57aed8908547581a1b2d2e511
    urltokenCFID=4788774&CFTOKEN=6477fc7649bc8198-2D010AD0-0E06-7884-40DD17CFA4183 9AE&jsessionid=843015a72de57aed8908547581a1b2d2e511

    Compare the values of urltoken for domain and subdomains. What's the result?


    Domain:

    CFID=960503&CFTOKEN=108a69f434cc689d-B2001F2B-0F22-4BD9-EEC26FD9EEAB9C40&jsessionid=8430764f68488d6b51712455263c2e3d4557

    Subdomain:

    CFID=4788774&CFTOKEN=6477fc7649bc8198-2D010AD0-0E06-7884-40DD17CFA41839AE&jsessionid=843015a72de57aed8908547581a1b2d2e511

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices