One of the clever things you can do to personalize your site is to give individuals or clients or affiliates (or your dog) a custom URL. For example, if I wanted to give my dog his own URL on my "coldfusionmuse.com" domain, I could create "Nicholos.coldfusionmuse.com". Now, unless you want to spend most of your time entering CNAME or A records into your DNS server, I suggest the following:
You may already know that your session is tied to a cookie. While it's possible to use URL parameters, it's pretty much a given that session-aware sites use cookies. A ColdFusion server uses either a "CFID" and "CFTOKEN" cookie pair or a "JSESSIONID" cookie. When a cookie is set, it is specific to the domain. There is a domain string that specifies the domain to which a cookie belongs. For example, a cookie set for "www.coldfusionmuse.com" is different from a cookie set for "coldfusionmuse.com". Wait a minute! You can enable a cookie to be seen by subdomains using the CFCOOKIE tag, right? Like so:
While we cannot alter the automatic process that sets the CFID and CFTOKEN variables, we can manipulate these cookies to make them visible across subdomains. Here are the steps:
How does it work? Well... when I first go to "www.coldfusionmuse.com" the server checks to see if I have a session. It does this by looking for the CFID and CFTOKEN (or JSESSIONID) in the URL, form and cookie scopes. Finding none, it creates a CFID and CFTOKEN for me in the session scope. With clientcookies turned off, the application, in effect, says, "Ok, the rest is up to you fancy pants developers out there. Manage the session yourself if you like". Without cookie code or URL parameters the site would actually treat each new request as a brand new session. That's the effect of both not allowing cookies and allowing session management.
When you copy the session keys into the cookie scope and make them visible to subdomains, you cut into this process at the initial step, when the server is searching the scopes for a session. It sees your keys and says "aha! this is what I'm looking for." Then it uses them to check memory for that particular application to see if there is a match and voilà! ... your session is restored. It's a hack, but it's kind of nifty in a way.
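One way to write the approach described above in an Application.cfm, as an added example that is not the original post's code. The application name "museDemo" is hypothetical, and the `httponly` and `secure` attributes assume ColdFusion 9 or later and a site served over HTTPS.

```cfml
<!--- Application.cfm: added example, not the original post's code. --->
<!--- Assumed: application name "museDemo" (hypothetical), ColdFusion 9+, HTTPS. --->

<!--- Keep session management on but stop ColdFusion from writing its own
      host-only CFID/CFTOKEN cookies. The server still generates
      session.CFID and session.CFTOKEN for each new session. --->
<cfapplication name="museDemo"
    sessionmanagement="yes"
    setclientcookies="no"
    sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#">

<!--- Parent domain for the cookies. The leading dot scopes them to every
      host under coldfusionmuse.com, not only to www. --->
<cfset cookieDomain = ".coldfusionmuse.com">

<!--- Copy the session keys into the cookie scope only when the browser has
      no keys yet or sent keys that do not match the current session. --->
<cfif NOT StructKeyExists(cookie, "CFID")
      OR NOT StructKeyExists(cookie, "CFTOKEN")
      OR cookie.CFID NEQ session.CFID
      OR cookie.CFTOKEN NEQ session.CFTOKEN>

    <!--- No "expires" attribute: the cookies last until the browser closes.
          httponly keeps page script from reading the session keys;
          secure keeps them off plain-HTTP requests. --->
    <cfcookie name="CFID"
        value="#session.CFID#"
        domain="#cookieDomain#"
        httponly="true"
        secure="true">

    <cfcookie name="CFTOKEN"
        value="#session.CFTOKEN#"
        domain="#cookieDomain#"
        httponly="true"
        secure="true">
</cfif>
```

With the cookies scoped to the parent domain, the browser sends the session keys to every host under it, so each of those hosts has to be one you control and trust with the session.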