Hi folks, I'm working with a client who has a legacy (read that as pretty poorly written) ColdFusion 5 application and I'm experiencing some weirdness with client-scoped variables when the protocol changes from http to https (which it does somewhat randomly on their site).
Client variables hold the login information. Everything works fine for users on the http portion of the site. Many users (NOT all -- some work fine) get the "you are not a registered user, please login" which is triggered by the absense of client variables when they move from the http portion of the site to https. The problem has gotten worse recently, which correlates with some changes I have made. I enabled "setDomainCookies" since the site is moving to a cluster. I moved the physical location of the client variable storage from one MSSQL database (on the same box) to a dedicated database server -- I copied the client variable storage database from the original to the new machine. I've also renamed the underlying machine for the web site (again, as part of the cluster rollout) and it's a Win2k box running Apache 1.3 and OpenSSL (which is possibly relevant since SSL/https is where the issue occurs). Any ideas? I'm coming through the code archives to see if anything else changed, but I'm puzzled. I honestly think there's some pretty bad code in the whole security process, but the site was working more reliably in the past so it can't simply be "the code is garbage". Regards, John Paul Ashenfelter CTO/TransitionPoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
