I think I found what looks to be a pretty big bug regarding client
variable storage in CFMX. Strangely, the bug actually exists in both
CFMX 6.1 and CFMX 7.0.2 (the two versions I'm testing against), but
only crops up in 7.0.2. Further, you'll note that I'm saying it's a
client variable issue (it is), but the bug seems to be with the
JSESSIONID, which I thought only pertained to session variables. My
problem statement is that client variables are "disappearing" after
being set. In a nutshell, I log in to my site, which sets a couple of
client variables, and then when I navigate to another page on the site,
the client variables are no longer in existence (it looks as if I've
never logged in before). I'm running CFMX 7.0.2 Enterprise (WAR
deployment) on Red Hat Enterprise Linux 4.0 (Update 3) using the
internal JRun web server and using J2EE session variables.

After a bit of detective work, I noticed while examining the HTTP
headers on my initial visit to the site (with no existing cookie set)
that the JSESSIONID is being set *twice* when I first hit my site.
However, one JSESSIONID is being stored in the cglobal table while the
other JSESSIONID is being stored in the actual cookie, which causes
subsequent lookups to mismatch. Hence, it looks as if I've never
logged in before.

Here's the relevant header information when first visiting the site:

HTTP/1.x 200 OK
Set-Cookie: CFID=102;expires=Thu, 14-Aug-2036 13:20:27 GMT;path=/
Set-Cookie: CFTOKEN=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5;expires=Thu, 14-Aug-2036 13:20:27 GMT;path=/
Set-Cookie: JSESSIONID=583033e973025152237c;path=/
Set-Cookie: JSESSIONID=58306b4060d425456d5c;path=/
Date: Tue, 22 Aug 2006 13:20:27 GMT
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Connection: close
Server: JRun Web Server

See how there are two Set-Cookie directives for the JSESSIONID? The
interesting part is that CFMX 6.1 (on Solaris, at least) does the same
exact thing as far as the double Set-Cookie directives go. However,
here's where MX 6.1 and MX 7.0.2 differ...

If you examine what gets set in the actual cookie vs. what gets stored
in the "data" column in the cglobal table in MX 7.0.2, you'll see this
(based on the above header info):

urltoken=CFID#=102&CFTOKEN#=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5&jsessionid#=583033e973025152237c#lastvisit={ts '2006-08-22 09:20:27'}#timecreated={ts '2006-08-22 09:20:26'}#hitcount=2#cftoken=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5#cfid=102#

The key bit there is the JSESSIONID value, which is set to
583033e973025152237c. However, the cookie's JSESSIONID value is
58306b4060d425456d5c.

Doing the same comparison using CFMX 6.1, this is the HTTP header info:

HTTP/1.x 200 OK
Set-Cookie: CFID=3499;expires=Thu, 14-Aug-2036 13:31:50 GMT;path=/
Set-Cookie: CFTOKEN=525ea9a5badb14f2-36146ADA-DCAC-CE63-1706ADD070C8F8E1;expires=Thu, 14-Aug-2036 13:31:50 GMT;path=/
Set-Cookie: JSESSIONID=86308f1257484a747d6c;path=/
Set-Cookie: JSESSIONID=8630627b049162583e68;path=/
Date: Tue, 22 Aug 2006 13:31:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Server: JRun Web Server

And this is the cglobal.data column value:

urltoken=CFID#=3499&CFTOKEN#=525ea9a5badb14f2-36146ADA-DCAC-CE63-1706ADD070C8F8E1&jsessionid#=8630627b049162583e68#lastvisit={ts '2006-08-22 09:32:03'}#timecreated={ts '2006-08-22 09:31:50'}#hitcount=9#cftoken=525ea9a5badb14f2-36146ADA-DCAC-CE63-1706ADD070C8F8E1#cfid=3499#

And the cookie's JSESSIONID value is 8630627b049162583e68.

Notice the key change in behavior between MX 6.1 and MX 7.0.2? In 6.1,
even though two Set-Cookie directives were being set, the client
variable storage logic was at least consistently using the second
JSESSIONID value. In 7.0.2, it appears that the first JSESSIONID value
is being stored in the cglobal table while the second JSESSIONID value
is being stored in the cglobal table.

Here's where the plot thickens even further... Even though my client
variables are not being returned on subsequent clicks through my site
(it's telling me I'm not logged in), the CFID/CFTOKEN/JSESSIONID
values are *not* being re-set on each page call. In fact, if I query
the cglobal table directly based on my CFID/CFTOKEN, the hitcount and
lvisit values are actually being updated!!!

This is a major showstopper in our migration process. Can anybody poke
a hole in my setup/logic and point out something I'm doing wrong? The
craziest part about it, to me, is that it's the client variables that
are disappearing even though it looks like the culprit is the
JSESSIONID value.

Regards,
Dave.
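
Added example, not part of the original post: a Python check that finds cookies set more than once with different values in a single response and compares the JSESSIONID the browser ends up holding with the one recorded in cglobal.data. The function names are hypothetical, the jsessionid pattern is inferred only from the sample shown in the post, and the cglobal.data sample is abridged.

```python
import re

# Headers and cglobal.data taken from the post's CFMX 7.0.2 capture
# (wrapped lines rejoined, cglobal.data abridged).
RAW_HEADERS = """\
HTTP/1.x 200 OK
Set-Cookie: CFID=102;expires=Thu, 14-Aug-2036 13:20:27 GMT;path=/
Set-Cookie: CFTOKEN=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5;expires=Thu, 14-Aug-2036 13:20:27 GMT;path=/
Set-Cookie: JSESSIONID=583033e973025152237c;path=/
Set-Cookie: JSESSIONID=58306b4060d425456d5c;path=/
Server: JRun Web Server
"""
CGLOBAL_DATA = (
    "urltoken=CFID#=102&CFTOKEN#=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5"
    "&jsessionid#=583033e973025152237c#lastvisit={ts '2006-08-22 09:20:27'}#hitcount=2#"
)


def set_cookie_values(raw_headers):
    """Map cookie name -> list of values, in the order the Set-Cookie headers appear."""
    seen = {}
    for line in raw_headers.splitlines():
        header, sep, rest = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        pair = rest.split(";", 1)[0]  # name=value comes before the attributes
        name, eq, value = pair.partition("=")
        if eq:
            seen.setdefault(name.strip(), []).append(value.strip())
    return seen


def conflicting_cookies(raw_headers):
    """Cookies set more than once in one response with differing values."""
    return {n: v for n, v in set_cookie_values(raw_headers).items() if len(set(v)) > 1}


def stored_jsessionid(cglobal_data):
    """Extract the jsessionid from cglobal.data (pattern inferred from the post's sample)."""
    m = re.search(r"jsessionid#?=([0-9A-Za-z]+)", cglobal_data, re.IGNORECASE)
    return m.group(1) if m else None


def check_session_consistency(raw_headers, cglobal_data):
    """Compare the JSESSIONID the browser keeps with the one stored server-side."""
    values = set_cookie_values(raw_headers).get("JSESSIONID", [])
    # Same name and path: the later Set-Cookie replaces the earlier one,
    # which matches the cookie value observed in the post.
    browser = values[-1] if values else None
    stored = stored_jsessionid(cglobal_data)
    mismatch = browser is not None and stored is not None and browser != stored
    return {"browser": browser, "stored": stored, "mismatch": mismatch}
```

Run against a first-visit response with no cookies set, a non-empty `conflicting_cookies` result flags the double Set-Cookie, and `mismatch` separates the 7.0.2 behaviour from the 6.1 behaviour described above.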

Archive: http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4189