I have a problem with session variables in my application. To make this short, my ColdFusion app sits inside a .NET app using an iframe. The main application uses .NET, so users log in to the .NET app. After successfully logging in, they can access my ColdFusion application through a link. Thus, my ColdFusion application has no login of its own. (The boss does not want our users to log in twice!)
To distinguish each user, the .NET application passes two URL variables, url.userid and url.usergroup, to my ColdFusion application. Then I created session variables based on these URL variables, such as session.userid and session.usergroup, to distinguish between each user and their roles while they are moving around in my ColdFusion application. This is how I create sessions: in my Application.cfc (ColdFusion 10) OnSessionStart I have:
<cfset session.userid = url.userid>
<cfset session.usergroup = url.usergroup>
If I log in as user A, these two sessions are created. When I log out (via the .NET application) and then log back in as user B, a different set of sessions is created for user B, but the session variables that belong to user A still exist. It will ruin everything.
To support only one set of sessions at a time, I do the following in my index.cfm:
<cfif StructKeyExists(session, "userid")>
    <cfif session.usergroup NEQ url.usergroup AND session.userid NEQ url.userid>
        <cfset sessionInvalidate() />
        <cfset session.userid = url.userid>
        <cfset session.usergroup = url.usergroup>
    </cfif>
</cfif>
With this in place, I can log in and log out as different users with different roles and access, but one thing that I notice remains unchanged is the cookie. When I run <cfdump var="#cookie#">, I see the same jsessionid = C2AEE274A09334EB98CCB2D332D6CADA.cfusion
My question is: should I do something with the cookie? Should I also extend its validity and rebuild the cookie for each new user in the same way as what I did with my sessions? How do I delete a cookie and how do I restore it for a user?
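An added example, not part of the original post: one way to give each new user a fresh session ID instead of reusing the old jsessionid. It assumes J2EE session variables are enabled (the jsessionid cookie in the post suggests this), and unlike the post's check it treats a change in either URL value as a new user.

```cfm
<!--- index.cfm (added example; placement at the top of the page is assumed) --->
<cfparam name="url.userid" default="">
<cfparam name="url.usergroup" default="">

<!--- url.userid / url.usergroup are taken as-is, as in the post;
      nothing here verifies that the .NET app really issued them. --->
<cfif len(url.userid)
      AND structKeyExists(session, "userid")
      AND (session.userid NEQ url.userid
           OR session.usergroup NEQ url.usergroup)>

    <!--- Destroy the underlying J2EE session, not only the ColdFusion
          session scope. The session scope must not be touched again
          during this request. --->
    <cfset getPageContext().getSession().invalidate()>

    <!--- Tell the browser to drop the old session cookie. --->
    <cfcookie name="JSESSIONID" expires="now">

    <!--- Re-request the same page. The new request carries no valid
          session ID, so the server issues a new one and onSessionStart
          runs again, storing the new user's values. --->
    <cflocation url="#cgi.script_name#?#cgi.query_string#" addtoken="false">
</cfif>
```

After the redirect, dumping the cookie scope should show a different jsessionid for user B than the one user A had.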