Dealing with cookie-less sessions

Axel asked a question about Vista Gadgets that I thought I would discuss here.

Sessions with MS Vista. I'm building a VISTA gadget calling an external CFM page using flash forms. It looks really cool, in particular in a flyout window. Now when I need to log into the app, I realized that the VISTA Gadget space seem not to have any session handler. Any idea?

The first thing you need to do is uninstall Vista. (No, I jest.) So with knowing nothing about Vista Gadgets (frankly widgets and gadgets bore me) I’d have to assume that they are acting like a cookie-less browser.

ColdFusion sessions require cookies in order to track your browser and associate it with a session… normally. If your browser doesn’t support cookies, you have two ways you can handle it.

All sessions come with a few default variables. One of them is URLToken. This is a string of the form cfid=XXX&cftoken=XXX (or cfid=xxx&cftoken=xxx&jsessionid=xxx). As you can see, it is in a format appropriate for query strings. This allows you to append it to the end of a link:

<a href="dharma.cfm?#session.urltoken#">Secret Dharma Files</a>

Another option is urlSessionFormat(). You can wrap your links with this function and ColdFusion will determine if it needs to add the session information or not. Here is an example of that:

<a href="#urlSessionFormat('dharma.cfm?')#">Secret Dharma Files</a>

The important thing to note though is that all links have to use one of these methods. That means both “simple” links like I used above as well as form tags. It would also include AJAX links if the back end needs session information in order to return the correct data.

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate for Extend by Auth0. He focuses on serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support.

Lafayette, LA