TASK:
Maintaining session state between the PHP application and the Coldfusion application, which together contains the entire application.
CURRENT METHOD:
When logging into our Coldfusion application (the only way to log in, i.e. cannot log in through the PHP application), we use the following JS fragment to call the remote PHP file that sets the PHP session cookie (which cannot be set via Coldfusion), and also on subsequent visits to Coldfusion, updates the PHP session:
<script type="text/javascript">
var imgPing = new Image();
imgPing.src = "http://remotePHPApplicationURL/remoteFile.php";
</script>
This snippet is loaded onto every Coldfusion page at login to support concurrent sessions.
This method works as intended when called through a page without SSL-Coldfusion, however there are some Coldfusion SSL pages that make up the application. When the SSL page calls this snippet, we get a warning about insecure content (which violates our SSL connection), as well as an “anonymous function” error, like in Chrome Inspector.
We tried CFHTTP to "GET" this PHP file, but it does not set the PHP cookie as it was developed. I do not understand how img.src executes a PHP file using CFHTTP.
Question:
Is there any other better way to call / execute / ping a PHP file against the img.src process, which seems to work only in situations other than SSL?
Here is an example of what a PHP file looks like:
<?php
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'index');
define('CSRF_PROTECTION', true);
$globaltemplates = array();
require_once('./global.php');
$phpapp->session->save();
setcookie('userid', 'uid');
setcookie('password', 'pass');
header("Content-Type: image/png");
?>