I have a ColdFusion application that’s behind an ISA Server. Part of the application is protected by Basic Authentication and part is not. ISA Server sets a cookie when the user logs in, but the cookie is only available for reading when I bypass ISA. So, the cookie cannot be read from the server where the application is running.

I’m trying to test whether the user’s ISA session has timed out or not. I can’t make any HTTP calls on the application server without affecting the session expiration time.

I thought I could read the cookie from the back-end server through a cross domain AJAX call. Unfortunately, on the back-end server the cookie is only available in a directory that is protected by Basic Authentication. Because of the Basic Authentication requirement, I can’t use JSONP to check for the existence of the cookie. I also can’t use a proxy script on the application server because that will change the expiration time of the cookie, which is what I’m trying to avoid.

I tried using an iFrame in my application to load a page on the back-end server, but I can’t get it working with Basic Authentication. I always get the login pop-up box.

Any ideas how I can test for the existence of the cookie on the back-end server without triggering an update of the cookie expiration time on the application server?