Cross Platform Login
I am working on an application where all user authentication happens in a ColdFusion application (based on CFWheels), but interactions with the file servers happen through a Node.js application. I need to make sure that the user who is logged in on the CF application is allowed to access the files in the node server. I was thinking of setting a cookie with a CFToken or something that the node server can read and pass to ColdFusion asking "Hey can this token access this file".
My only problem with that is I wasn't sure if CFTokens are re-used eventually, and if they are, what should I use instead?
If other people have other ways of doing this sort of thing where authentication needs to be reusable across multiple engines I would love to hear your strategies.
That sounds like a fine way to do it.
But, I would just use CFCOOKIE to set a cookie of your own devising.
The two servers will have to share a domain name, of course, to be able to read the same cookie. You will also have to set the cookie to be a domain cookie.
One clean way to architect this would be to create a whole CFC devoted to the security.
It would have methods for generating and validating login tokens.
Your CF application would use this to generate the token, and you could have your node.js application call this via a webservice using the
http://server.com/path/security.cfc?method=validateToken&token=whatever
An even more efficient way to do this, assuming they have access to the same datastore, would be to use the same algorithm to generate/decode (if needed) the tokens in both systems, and let the node.js app directly access the datastore.
When I needed to do this, we stored the "session" tokens in mongodb, and directly accessed the datastore from each application (CF, Java, and Rails). The CF system was responsible for the initial authentication. The other two systems did no authentication, just validated the token, and if it was not found/invalid/etc, responded in the appropriate way.
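The shared-datastore variant described in the answer above, shown from both sides as an added example (not code from the original answers). An in-memory Map stands in for the datastore, and the names `issueToken`, `revokeToken` and `authorize`, the 30-minute lifetime and the per-user path roots are assumptions of this example.

```javascript
const crypto = require('node:crypto');
const path = require('node:path');

const TOKEN_TTL_MS = 30 * 60 * 1000; // assumed session lifetime: 30 minutes
const store = new Map();             // stand-in for the shared datastore

// Store only a hash, so reading the datastore does not yield usable tokens.
function tokenKey(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest('hex');
}

// Login side (the ColdFusion app in the question): mint an unguessable token.
function issueToken(userId, roots, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 random bits
  store.set(tokenKey(token), { userId, roots, expiresAt: now + TOKEN_TTL_MS });
  return token; // this value goes into the domain cookie
}

// Logout side: the token stops working in every application at once.
function revokeToken(token) {
  return store.delete(tokenKey(String(token)));
}

// File-server side (Node.js): no authentication here, only validation.
function authorize(token, requestedPath, now = Date.now()) {
  if (typeof token !== 'string' || !/^[0-9a-f]{64}$/.test(token)) {
    return { ok: false, reason: 'malformed' };
  }
  const key = tokenKey(token);
  const session = store.get(key);
  if (!session) return { ok: false, reason: 'unknown' };
  if (now >= session.expiresAt) {
    store.delete(key); // expired entries are removed on first use
    return { ok: false, reason: 'expired' };
  }
  // Resolve "." and ".." before comparing, so "/files/alice/../bob" is
  // judged as "/files/bob" and not by its leading characters.
  const resolved = path.posix.normalize('/' + requestedPath);
  const allowed = session.roots.some(
    (root) => resolved === root || resolved.startsWith(root + '/'));
  return allowed
    ? { ok: true, userId: session.userId, path: resolved }
    : { ok: false, reason: 'forbidden' };
}
```

Because each token is 32 random bytes and is deleted on expiry or logout, a value is never handed out twice in practice, which sidesteps the reuse question raised about CFToken.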
Yip, what you want to read up on is SSO (Single Sign-on).
OpenID is a popular one that works with multiple platforms including CF.
If you're feeling adventurous... With a little thought, it is fairly easy to devise your own mechanism for sharing logins - usually around sharing some token via a cookie or header or could also be via RESTful (or any) form of webservice call too.