Cflogin on a cluster.

I spent this week configuring ColdFusion 8’s security framework to operate on a clustered server environment. One of our client is using two windows servers with CF8 enterprise edition running on them. They are in a clustered configuration, and using J2EE session variables.

One item that we found important to note is that develops need to be aware that cf stores the user role in a local variable, not in the cookie itself. While this is good for security, it’s a bit of a pain in the ass as it requires you to re-authenticate the user as you move over to the second server. We settled on using the OnRequestStart function in Application.cfc .

At first we had wanted to store the login authorization using the application variable:

loginstorage = “session”

After a few tries it became apparent that the servers where not passing on the authorization variable in the session information. Everytime the alternate server kicked in, the user would get logged out, because the variable was not carried over.

loginstorage = “cookie”

Did do the trick however… I am interested in finding out if anyone out there has any experience using the loginstorage = “session” in a clustered environment?

About Curious Minds
We are a web development firm in New York and Chicago, providing development resources and consulting for websites and mobile apps since 2004.