I have a problem when I need to perform authentication for users coming from a domain that is on a separate server, a database and built using JSP.
Here is a quick overview of the process:
domain1.com (Users access this page to access the site to access the content they need. Uses J2EE session identifiers)
domain2.com (a content area in which users can retrieve data created using ColdFusion 10. Data associated with each account is passed to the URL
eg,
domain2.com/content/content.cfm?customerID=12345
domain2.com/content/content.cfm?customerID=12345&pageid=AB12&type=CID1
The problem is that any user could access domain2 without logging into the domain through domain 1.com, simply by entering the URL. What are the best security methods for authenticating sessions that were originally authenticated from a domain hosted on a completely different platform from my ColdFusion environment?
source
share