CFTOKEN CFID cookies with long gibberish prefix... CF11?
Hi We have one CF web server running CF11 and noticed that the CFTOKEN and CFID cookies on that server have a long (51 char) string of random looking characters before the actual CFID or CFOTKEN numeric value. Ex: CFTOKEN = Z3epk1hxi861r0je68dw9xjrpf2oqa1vm0ygobljizhhw2d5gjh-22151980 Within CF, the COOKIE.CFTOKEN value looks normal... 22151980 from my example above. So, it looks like CF is adding the prefix when it sets the cookie and strips it off when parsing cookies for apps to use. We see the same prefix each time. (No other cookies have this prefix; we tried setting a CFTOKEN cookie value manually in code and the new value ends up with the prefix.) The problem if that we use domain cookies (for cross-server session management and user tracking) so these funky values are being presented to other web servers that are not running CF11 (all the rest of CF10), and they are getting confused by it. I didn't see anything like this mentioned in CF11 docs. I really need to disable it in the short term to keep things running smoothly until we have CF11 everywhere. Is this new behavior? Is it documented anywhere? Can I turn it off? (We are aware of the GUID session management cookie; for the time being we need to continue to use CFTOKEN CFID.) Help! Thanks Mark ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360386 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
I went thru this special brand of misery back in March of this year. Here is the thread: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:64982 There's a lot more in that thread than here as to potential causes of this problem. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359511 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
For anyone who stumbles across this post, I thought I should add the closure as I now understand it. First of all, the duplicate CFID and CFTOKEN was not the problem I thought it was. It confused matters, but it seems that most browsers can tolerate it, even though it makes no sense to me. I eventually found that browsers were losing the CFID/CFTOKEN values and as a result could not locate the session variables and that is what caused the problem. And for the most part it happened in IE, but was not consistent. Some IE11 systems failed all the time while others were sporadic and some ran fine. I found a couple of postings that said for security reasons you should now use J2EE Session Variables on the ColdFusion Administrator Memory Variables page and that would improve security and mean that CFID/CFTOKEN were no longer used so I tried it. And it worked. My ISP had not set that value but as soon as they did, everything worked perfectly again. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359497 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
I eventually found that browsers were losing the CFID/CFTOKEN values and as a result could not locate the session variables Actually, browsers are not losing cookies and do not locate session variables. Session variables are managed by ColdFusion. IMO the problem is that when CF receives TWO CFID/CFTOKEN values from ONE cookie, it does not recognize it as a valid CFID/CFTOKEN. It will then create a new session and loose the whole previous session variables. This new session will replace only one of the two values in the cookie and the problem continues. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359498 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
Some more info: - I have not issued a setclientcookies=yes so assuming that is the default it should be there. - the redirect is via an htaccess file which says RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] - I think the redirect is not relevant because I am doing the testing and I am only using www. - Multiple browsers have shown up with the duplicate cookies and the duplication seems to occur after a logon (using my own app code). I don't use any specific URLs ... all are relative based on the domain. Any other thoughts on what is causing it? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359387 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
I did what you suggested and thought that the problem had gone away. I was successful in getting any traffic to move to the www prefixed name but that didn't solve the cookie problem. I am having trouble creating the failure but I am still seeing duplicate cookies with the same CFID and CFTOKEN values. I would really like to eliminate these as I believe they are part of the problem I am trying to solve. What can cause CF10 to store duplicate cookies, one under the www subdomain and one at the higher level? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359384 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
If your Application has setclientcookies=yes, which is the default, a cookie/session will be created for each host used by the client to access the site. So domain.com,www.domain.com, 127.0.0.1, could all be the same physical web site, but would have 3 different cookies and sessions generated. You mentioned you setup a redirect to www. If the redirect is done via cflocation, then you would still see 2 CF cookies at the client, since the client actually is hitting both host names. A web server redirect would resolve this, so the client never really gets to domain.com as a CF request, hence no cfid/cftoken cookie. Another common issue I have seen is a login session occurring under www, but somewhere in the application a link goes to the non wwwîª host, which could result in a dropped session/login depending on how things are coded. Byron Mann Lead Engineer Architect HostMySite.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359385 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CF10 creating extra CFID/CFTOKEN cookies at the domain level
I am having a problem that from time to time CF10 creates a new pair of cookies at the domain level, specifically whitevalegolfcub.com The application runs under www.whitevalegolfclub.com and the CFID and CFTOKEN cookies are created there, along with several of my own, at logon. But this spontaneous creation of the additional pair at the domain level overrides the sub-domain cookies and hides them from my application. I have seen some postings that sound like others have had a similar problem but I have not heard of a fix for CF or a programming technique to stop it from happening and becoming a problem. I'd sure appreciate some input on why they are being created or on how to stop the problem from occurring. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359285 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level
I notice that your site is reachable both through www.whitevalegolfclub.com and whitevalegolfclub.com. I had the same problem with one of my sites. It looks like two different cookies are created, one for www.whitevalegolfclub.com and the otheone for whitevalegolfclub.com and this this goofs CF. When looking for session cookies, CF does not recognizes one of its sessions and creates a new one every time. I got rid of the access to the site without www and it solved the problem. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359287 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Secure attribute on CF Session Cookies
Is there any way to ensure the CFTOKEN and CFID cookies include the secure attribute when sending over https? I see no way to do this on CF9. Thanks Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austi ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357312 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Secure attribute on CF Session Cookies
Is there any way to ensure the CFTOKEN and CFID cookies include the secure attribute when sending over https? I see no way to do this on CF9. You need to disable CF's automatic setting of those cookies, then set them yourself with CFCOOKIE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357313 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Secure attribute on CF Session Cookies
Ive seen people request this before due to a PCI security audit. Usually the best solution, depending on the code, is to switch to J2EE session variables. Instead of physical cookies the session cookies are true session cookies in browser memory. This would eliminate the secure cookies issue. I think? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Dec 6, 2013, at 1:29 PM, Robert Harrison rob...@austin-williams.com wrote: Is there any way to ensure the CFTOKEN and CFID cookies include the secure attribute when sending over https? I see no way to do this on CF9. Thanks Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austi ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357314 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Secure attribute on CF Session Cookies
On Fri, Dec 6, 2013 at 2:52 PM, Wil Genovese jugg...@trunkful.com wrote: Iè´e seen people request this before due to a PCI security audit. Usually the best solution, depending on the code, is to switch to J2EE session variables. Instead of physical cookies the session cookies are true session cookies in browser memory. This would eliminate the secure cookies issue. I think? You can create a browser session cookie for CFID/CFTOKEN cookies as well, you just have to write the cookies manually. But what Robert was asking about was the secure flag on the cookie, which indicates that the user agent should only send the cookie over a secure connection (eg HTTPS), again you have to do this by writing the cookies manually in CF9 and lower, here's an example showing how to do this: http://www.petefreitag.com/item/764.cfm For CF10 it is easy you just specify in your Application.cfc this.sessioncookie.secure = true Also with CF10 (or Tomcat rather) it will automatically add the secure flag to your JSESSIONID cookie on HTTPS requests, this causes your HTTP and HTTPS requests to be on different sessions, which for security is a good thing, but can lead to issues if you have coded your apps to expect otherwise. More info on that here: http://www.petefreitag.com/item/817.cfm -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357316 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Secure attribute on CF Session Cookies
Thanks. That's helpful. Appreciate it. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct  125 Kennedy Drive,  Suite 100   I  Hauppauge, NY 11788 T 631.231.6600 X 119   F 631.434.7022  http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_williams -Original Message- From: Pete Freitag [mailto:p...@foundeo.com] Sent: Friday, December 06, 2013 4:09 PM To: cf-talk Subject: Re: Secure attribute on CF Session Cookies On Fri, Dec 6, 2013 at 2:52 PM, Wil Genovese jugg...@trunkful.com wrote: Iè´e seen people request this before due to a PCI security audit. Usually the best solution, depending on the code, is to switch to J2EE session variables. Instead of physical cookies the session cookies are true session cookies in browser memory. This would eliminate the secure cookies issue. I think? You can create a browser session cookie for CFID/CFTOKEN cookies as well, you just have to write the cookies manually. But what Robert was asking about was the secure flag on the cookie, which indicates that the user agent should only send the cookie over a secure connection (eg HTTPS), again you have to do this by writing the cookies manually in CF9 and lower, here's an example showing how to do this: http://www.petefreitag.com/item/764.cfm For CF10 it is easy you just specify in your Application.cfc this.sessioncookie.secure = true Also with CF10 (or Tomcat rather) it will automatically add the secure flag to your JSESSIONID cookie on HTTPS requests, this causes your HTTP and HTTPS requests to be on different sessions, which for security is a good thing, but can lead to issues if you have coded your apps to expect otherwise. More info on that here: http://www.petefreitag.com/item/817.cfm -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357317 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFCOOKIE mystery -- mixed case cookies returning as lowercase?
Yes, my tracing code shows the client hitting the cookie set page, and having the cookie set with all caps.Then on the next page the entire CGI.HTTP_COOKIE is being seen by the server as being lower case. HTTP_COOKIE: cfid=296838408; cftoken=af55396400; thecookie=abcdefg Note the strangest part here... even CFID and CFTOKEN identifier are lower case. The entire HTTP_COOKIE string for some reason is being read by CF as being lower case. By default, the names of all CF cookies are upper case. I can't imagine what's causing this. It happened twice more today. Two different users, different parts of the country, returning CGI.HTTP_COOKIE strings that are entirely lower case. I can't imagine anything on this end is doing that. Surely Apache isn't lower-casing random HTTP_COOKIE strings. And surely CF doesn't even have the ability to do that internally. Complete mystery. Something, somewhere is messing with these strings... Is the client hitting the first page for sure in these instances? My first thought would be that the cookie is client created. So a bot or hack attempt. Has anything changed at all with the code base, or where the cookie value is coming from? Like a possible query change. On Dec 5, 2012 10:45 PM, Tony Green tonygreen...@gmail.com wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353388 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFCOOKIE mystery -- mixed case cookies returning as lowercase?
If code and the environment hasn't changed, then it would maybe point to the client side of things. Any commonlaity to browsers? Maybe a particular recent release of a browser has a bug that is causing this. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353389 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CFCOOKIE mystery -- mixed case cookies returning as lowercase?
Hi CFTALK - I have a really weird mystery that Im trying to solve.I have an app that has run fine for about 5 years. All of a sudden, about a week ago, I'm starting to get cookies created by my own CFCOOKIE returning from random clients all in lower case. For example. Template A sets: cfcookie name=mycookie value=AbCdEfG expires= domain=.mydomain.com They then visit template B which returns: CFDUMP OF COOKIE SCOPE: mycookieabcdefg For some reason, while I'm setting AbCdEfG, when I read it back I'm getting cookie=abcdefg.This is wreaking havoc with my app since the data in that cookie is case sensitive. It's not hugely common -- a few requests a day from a very heavily trafficed website. User agents seem to be mixed, although the last 2 were Win NT machines. Still, I'd like to know whether there's some weird new browser bug out there, or whether something weird is going on with my CF implementation. Or maybe a virus scanner out there is screwing with cookies? Or something? I am running CF9, Linux Red Hat, Apache. Does anyone have any idea what may be going on? Thanks Tony ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353372 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFCOOKIE mystery -- mixed case cookies returning as lowercase?
Is the client hitting the first page for sure in these instances? My first thought would be that the cookie is client created. So a bot or hack attempt. Has anything changed at all with the code base, or where the cookie value is coming from? Like a possible query change. On Dec 5, 2012 10:45 PM, Tony Green tonygreen...@gmail.com wrote: Hi CFTALK - I have a really weird mystery that Im trying to solve.I have an app that has run fine for about 5 years. All of a sudden, about a week ago, I'm starting to get cookies created by my own CFCOOKIE returning from random clients all in lower case. For example. Template A sets: cfcookie name=mycookie value=AbCdEfG expires= domain=. mydomain.com They then visit template B which returns: CFDUMP OF COOKIE SCOPE: mycookieabcdefg For some reason, while I'm setting AbCdEfG, when I read it back I'm getting cookie=abcdefg.This is wreaking havoc with my app since the data in that cookie is case sensitive. It's not hugely common -- a few requests a day from a very heavily trafficed website. User agents seem to be mixed, although the last 2 were Win NT machines. Still, I'd like to know whether there's some weird new browser bug out there, or whether something weird is going on with my CF implementation. Or maybe a virus scanner out there is screwing with cookies? Or something? I am running CF9, Linux Red Hat, Apache. Does anyone have any idea what may be going on? Thanks Tony ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353375 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
We're encountering the following issue with some percentage of IE users (Definitely but not necessarily limited to IE8 8.0.7601.17514 windows 7). Basically their SESSION is failing the same way it might if they're cookies were disabled, however, we are able to set cookies manually using CFCOOKIE. After running several tests, we found that the users request headers include 2 CFID and CFTOKEN cookies. It seems like Coldfusion writes both into the COOKIE scope, then can't translate them into the SESSION so creates a new (third) CFID and CFTOKEN pair, then overwrites the value of both in the COOKIE scope. CGI.HTTP_COOKIES -- CFID=19602005; CFTOKEN=13461642; (other cookies removed); CFID=20907643; CFTOKEN=42056124; (other cookies removed); COOKIES -- struct CFID 20907644 CFID 20907644 CFTOKEN 22098534 CFTOKEN 22098534 SESSION -- struct cfid 20907644 cftoken 22098534 sessionid APPNAME_20907644_22098534 urltoken CFID=20907644CFTOKEN=22098534 Anybody know what could be going on here? Thanks in advance! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351997 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
I would use something like Chrome dev tools to see what cookies the browser can see and what domain they REALLY are being set on. BTW if one is forum.yourdomain.com and the other is www.yourdomain.com then the cookie will not be seen between the 2. It has to be specifically set for .yourdomain.com to be seen by both. J.J. On Thu, Jun 21, 2012 at 6:47 PM, Cory Fail juturnaph...@gmail.com wrote: This is what I am getting in the mybb directory. Why isn't transferring over to the home? Is there something I need to do to transfer it over? Perhaps use a different forum system? CFGLOBALS urltoken=CFID#=3654908CFTOKEN#=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CEjsessionid#=84306bffa4d850206c356392d7a5b4c34316#lastvisit={ts '2012-06-21 21:40:03'}#timecreated={ts '2012-06-21 19:02:42'}#hitcount=30#cftoken=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE#cfid=3654908# CFID 3654908 CFTOKEN 5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE COOKIE [empty string] JSESSIONID 8430da28351e3780595e624c2f6511829637 loginattempts 1 mybb[forumread] a:1:{i:2;i:1340305442;} mybb[lastactive] 1340311261 mybb[lastvisit] 1340305716 mybb[threadread] a:1:{i:1;i:1340305442;} mybbuser 1_E2luLfLB6lPUZNQtDULoR6rzb35jgW8FekA2eSPDV2cvODpaNe sid 480d6134ef92dc5f91b48815092e9279 1. It is using cookies at .fuelie.org at the path /forums 2. I just need to record the username, user id, and groupid. 3. It is on the same domain. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351653 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Grabbing PHP cookies.
I'm still some what a beginner with CF so take it easy on me. I currently have a web site that uses MyBB as a forum. My homepage/portal is programmed in coldfusion. Currently it is gathering post information so it shows latest posts and comments. I want users to be able to login here as well and then it redirect back to the homepage/portal. The login script works flawlessly, however, once someone logs in I want to be able to retrieve the cookies from myBB and then output the current user's username, userid, email, ect. How would I retrieve the cookies information and then output the information with coldfusion? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Grabbing PHP cookies.
cfoutput#COOKIE.name_of_cookie#/cfoutput I think that's what you need or maybe I'm oversimplifying it ;-) -Original Message- From: Cory Fail [mailto:juturnaph...@gmail.com] Sent: 21 June 2012 15:40 To: cf-talk Subject: Grabbing PHP cookies. I'm still some what a beginner with CF so take it easy on me. I currently have a web site that uses MyBB as a forum. My homepage/portal is programmed in coldfusion. Currently it is gathering post information so it shows latest posts and comments. I want users to be able to login here as well and then it redirect back to the homepage/portal. The login script works flawlessly, however, once someone logs in I want to be able to retrieve the cookies from myBB and then output the current user's username, userid, email, ect. How would I retrieve the cookies information and then output the information with coldfusion? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion- Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf- talk/message.cfm/messageid:351633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351634 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
Cookies are per domain - so you just... use em. If you have your forums in the same domain, when you hit the CFM, just access them as cookie.whatever. On Thu, Jun 21, 2012 at 9:39 AM, Cory Fail juturnaph...@gmail.com wrote: I'm still some what a beginner with CF so take it easy on me. I currently have a web site that uses MyBB as a forum. My homepage/portal is programmed in coldfusion. Currently it is gathering post information so it shows latest posts and comments. I want users to be able to login here as well and then it redirect back to the homepage/portal. The login script works flawlessly, however, once someone logs in I want to be able to retrieve the cookies from myBB and then output the current user's username, userid, email, ect. How would I retrieve the cookies information and then output the information with coldfusion? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351635 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
I'm still some what a beginner with CF so take it easy on me. I currently have a web site that uses MyBB as a forum. My homepage/portal is programmed in coldfusion. Currently it is gathering post information so it shows latest posts and comments. I want users to be able to login here as well and then it redirect back to the homepage/portal. The login script works flawlessly, however, once someone logs in I want to be able to retrieve the cookies from myBB and then output the current user's username, userid, email, ect. How would I retrieve the cookies information and then output the information with coldfusion? To add to what Edward and Ray have already said, it may be the case that the cookies are host-specific, rather than domain-specific, so you'll need to see if they exist at all when someone visits your CF application. For example, if you had two different URLs: mybb.example.com www.example.com those two are within the example.com domain, and therefore can share cookies. But, it's possible that the myBB application set the cookies so that they're only returned to mybb.example.com. In that case, you might have to modify the myBB code to set those cookies as domain-wide. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351636 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
I'm still some what a beginner with CF so take it easy on me. I currently have a web site that uses MyBB as a forum. My homepage/portal is programmed in coldfusion. Currently it is gathering post information so it shows latest posts and comments. I want users to be able to login here as well and then it redirect back to the homepage/portal. The login script works flawlessly, however, once someone logs in I want to be able to retrieve the cookies from myBB and then output the current user's username, userid, email, ect. How would I retrieve the cookies information and then output the information with coldfusion? To add to what Edward and Ray have already said, it may be the case that the cookies are host-specific, rather than domain-specific, so you'll need to see if they exist at all when someone visits your CF application. For example, if you had two different URLs: mybb.example.com www.example.com those two are within the example.com domain, and therefore can share cookies. But, it's possible that the myBB application set the cookies so that they're only returned to mybb.example.com. In that case, you might have to modify the myBB code to set those cookies as domain-wide. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351640 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
Thanks for the info. However, I have no idea how to start so that a variable only shows the logged in users information. Instead whats currently on the database itself. Would this be done with a session? Can someone give me some example code to start me off? Thanks a lot guys! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351641 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
I'm still some what a beginner with CF so take it easy on me. I Thanks for the info. However, I have no idea how to start so that a variable only shows the logged in users information. Instead whats currently on the database itself. Would this be done with a session? Can someone give me some example code to start me off? Thanks a lot guys! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351642 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
One of the greatest tools in ColdFusion is the CFDUMP tag. Try this: cfdump var=#cookie# ...and see what's there! =) Hope this helps! Warm Regards, Jordan Michaels On 06/21/2012 11:12 AM, Cory Fail wrote: Thanks for the info. However, I have no idea how to start so that a variable only shows the logged in users information. Instead whats currently on the database itself. Would this be done with a session? Can someone give me some example code to start me off? Thanks a lot guys! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351643 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
One of the greatest tools in ColdFusion is the CFDUMP tag. Try this: cfdump var=#cookie# ... and see what's there! =) Hope this helps! Warm Regards, Jordan Michaels On 06/21/2012 11:12 AM, Cory Fail wrote: Thanks for the info. However, I have no idea how to start so that a variable only shows the logged in users information. Instead whats currently on the database itself. Would this be done with a session? Can someone give me some example code to start me off? Thanks a lot guys! CFGLOBALS urltoken=CFID#=3654908CFTOKEN#=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CEjsessionid#=84306bffa4d850206c356392d7a5b4c34316#lastvisit={ts '2012-06-21 19:05:49'}#timecreated={ts '2012-06-21 19:02:42'}#hitcount=7#cftoken=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE#cfid=3654908# CFID3654908 CFTOKEN 5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE COOKIE [empty string] JSESSIONID 84306bffa4d850206c356392d7a5b4c34316 Thats what I get in my dump. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351644 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
One of the greatest tools in ColdFusion is the CFDUMP tag. Try this: cfdump var=#cookie# ... and see what's there! =) Hope this helps! Warm Regards, Jordan Michaels On 06/21/2012 11:12 AM, Cory Fail wrote: Thanks for the info. However, I have no idea how to start so that a variable only shows the logged in users information. Instead whats currently on the database itself. Would this be done with a session? Can someone give me some example code to start me off? Thanks a lot guys! This is what is returned. CFGLOBALS urltoken=CFID#=3654908CFTOKEN#=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CEjsessionid#=84306bffa4d850206c356392d7a5b4c34316#lastvisit={ts '2012-06-21 19:05:49'}#timecreated={ts '2012-06-21 19:02:42'}#hitcount=7#cftoken=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE#cfid=3654908# CFID3654908 CFTOKEN 5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE COOKIE [empty string] JSESSIONID 84306bffa4d850206c356392d7a5b4c34316 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351645 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
Sorry for the double posts.. It didnt seem like it was sent. One of the greatest tools in ColdFusion is the CFDUMP tag. Try this: cfdump var=#cookie# ... and see what's there! =) Hope this helps! Warm Regards, Jordan Michaels On 06/21/2012 11:12 AM, Cory Fail wrote: Thanks for the info. However, I have no idea how to start so that a variable only shows the logged in users information. Instead whats currently on the database itself. Would this be done with a session? Can someone give me some example code to start me off? Thanks a lot guys! This is what is returned. CFGLOBALS urltoken=CFID#=3654908CFTOKEN#=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102A CD5F1CEjsessionid#=84306bffa4d850206c356392d7a5b4c34316#lastvisit={ts '2012-06-21 19:05:49'}#timecreated={ts '2012-06-21 19:02:42'}#hitcount=7#cftok en=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE#cfid=3654908# CFID 3654908 CFTOKEN 5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE COOKIE[empty string] JSESSIONID84306bffa4d850206c356392d7a5b4c34316 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351646 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
Looking at your dump, those are pretty much all ColdFusion created cookies. 1. Are you sure that the php app is setting cookies? 2. What data from the cookies are you hoping to use? 3. Is the php app on the same domain as your CF app? -- Alan Rother Manager, Phoenix Cold Fusion User Group, www.AZCFUG.org Twitter: @AlanRother ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351648 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
1. It is using cookies at .fuelie.org at the path /forums 2. I just need to record the username, user id, and groupid. 3. It is on the same domain. Looking at your dump, those are pretty much all ColdFusion created cookies. 1. Are you sure that the php app is setting cookies? 2. What data from the cookies are you hoping to use? 3. Is the php app on the same domain as your CF app? -- Alan Rother Manager, Phoenix Cold Fusion User Group, www.AZCFUG.org Twitter: @AlanRother ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351649 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
1. It is using cookies at .fuelie.org at the path /forums If the cookie is set to specifically use that path, it won't be sent to any URL on your server that doesn't match that path. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351650 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Grabbing PHP cookies.
This is what I am getting in the mybb directory. Why isn't transferring over to the home? Is there something I need to do to transfer it over? Perhaps use a different forum system? CFGLOBALS urltoken=CFID#=3654908CFTOKEN#=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CEjsessionid#=84306bffa4d850206c356392d7a5b4c34316#lastvisit={ts '2012-06-21 21:40:03'}#timecreated={ts '2012-06-21 19:02:42'}#hitcount=30#cftoken=5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE#cfid=3654908# CFID3654908 CFTOKEN 5d97064d9dc3543e-A21AA8C1-9C8E-9908-9B0D9102ACD5F1CE COOKIE [empty string] JSESSIONID 8430da28351e3780595e624c2f6511829637 loginattempts 1 mybb[forumread] a:1:{i:2;i:1340305442;} mybb[lastactive]1340311261 mybb[lastvisit] 1340305716 mybb[threadread]a:1:{i:1;i:1340305442;} mybbuser1_E2luLfLB6lPUZNQtDULoR6rzb35jgW8FekA2eSPDV2cvODpaNe sid 480d6134ef92dc5f91b48815092e9279 1. It is using cookies at .fuelie.org at the path /forums 2. I just need to record the username, user id, and groupid. 3. It is on the same domain. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351651 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
Richard or James, Was the cause of this issue ever determined for either of you? We're having the same issue with a small percentage of users. We're detecting the double CFID entry in cgi.http_cookie and running a javascript to clear all our domain's cookies when we find the double CFID. We also set a tracking cookie so we don't try to clear that user's cookies again in case the double CFID doesn't go away. I believe that CF is setting a CFID and CFTOKEN for both www.domain.com and .domain.com and maybe that's why it's getting confused. However this is just dealing with the issue, not correcting it. Any info from your end would be appreciated. Thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350051 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
Richard, did you ever get this resolved? We've begun experiencing the very same issue on our end (IE 8 on Win7). We're using one domain-level cookie on our site, but ColdFusion cookies are set specific to the sub-domain. We also only have one Web site on the server using CF. Clearing cookies works for some users, while others run into the issue again after some amount of time, after clearing their cookies. James We're encountering the following issue with some percentage of IE users (Definitely but not necessarily limited to IE8 8.0.7601.17514 windows 7). Basically their SESSION is failing the same way it might if they're cookies were disabled, however, we are able to set cookies manually using CFCOOKIE. After running several tests, we found that the users request headers include 2 CFID and CFTOKEN cookies. [...] ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347410 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
We have one server running ColdFusion 8 Enterprise. It has two applications with each application having two load balanced instances. Both applications are called within one website. OK, in your application are you using the setDomainCookies attribute in CFAPPLICATION/Application.cfc? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347411 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
Should we be using jsessionids instead? Are there any problems in switching to them? Thanks so much. Generally, I prefer using JSESSIONIDs. But if you have any explicit references to CFID and CFTOKEN in your code, those would have to change appropriately. Also, JSESSIONID is destroyed when the user closes the browser - CFID and CFTOKEN are not, by default. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347412 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
I believe setting the useUUID setting in the cfadmin can help with such issues, if I recall correctly this also avoids the use of CFID and CFTOKEN, and uses an alternate variable instead, CFMAGIC or somehting? its been a while since I looked at this as I use UUID as default for years now so I might be completely wrong and i'm sure Dave will correct me if I am. I wasn't aware that JessionID is browser session based, which is interesting to know, but you can get around that by generating the cookie yourself and giving it an expiry date. On Mon, Sep 12, 2011 at 5:36 PM, Dave Watts dwa...@figleaf.com wrote: Should we be using jsessionids instead? Are there any problems in switching to them? Thanks so much. Generally, I prefer using JSESSIONIDs. But if you have any explicit references to CFID and CFTOKEN in your code, those would have to change appropriately. Also, JSESSIONID is destroyed when the user closes the browser - CFID and CFTOKEN are not, by default. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347413 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
I believe setting the useUUID setting in the cfadmin can help with such issues, if I recall correctly this also avoids the use of CFID and CFTOKEN, and uses an alternate variable instead, CFMAGIC or somehting? its been a while since I looked at this as I use UUID as default for years now so I might be completely wrong and i'm sure Dave will correct me if I am. I think this just uses a UUID for CFTOKEN, actually. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347415 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
So whats this cfmagic var I'm remembering ? Regards Russ Michaels From my mobile On 12 Sep 2011 18:42, Dave Watts dwa...@figleaf.com wrote: I believe setting the useUUID setting in the cfadmin can help with such issues, if I recall correctly this also avoids the use of CFID and CFTOKEN, and uses an alternate variable instead, CFMAGIC or somehting? its been a while since I looked at this as I use UUID as default for years now so I might be completely wrong and i'm sure Dave will correct me if I am. I think this just uses a UUID for CFTOKEN, actually. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347419 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
Are you maybe thinking about the setting that says use J2EE sessions and changes the CFID and CFTOKEN combo to a jsessionid token? Judah On Mon, Sep 12, 2011 at 12:57 PM, Russ Michaels r...@michaels.me.uk wrote: So whats this cfmagic var I'm remembering ? Regards Russ Michaels From my mobile On 12 Sep 2011 18:42, Dave Watts dwa...@figleaf.com wrote: I believe setting the useUUID setting in the cfadmin can help with such issues, if I recall correctly this also avoids the use of CFID and CFTOKEN, and uses an alternate variable instead, CFMAGIC or somehting? its been a while since I looked at this as I use UUID as default for years now so I might be completely wrong and i'm sure Dave will correct me if I am. I think this just uses a UUID for CFTOKEN, actually. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347420 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
Perhaps try asking David Blaine? On Mon, Sep 12, 2011 at 3:57 PM, Russ Michaels r...@michaels.me.uk wrote: So whats this cfmagic var I'm remembering ? Regards Russ Michaels From my mobile On 12 Sep 2011 18:42, Dave Watts dwa...@figleaf.com wrote: I believe setting the useUUID setting in the cfadmin can help with such issues, if I recall correctly this also avoids the use of CFID and CFTOKEN, and uses an alternate variable instead, CFMAGIC or somehting? its been a while since I looked at this as I use UUID as default for years now so I might be completely wrong and i'm sure Dave will correct me if I am. I think this just uses a UUID for CFTOKEN, actually. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347421 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
ah I remember now. CFMAGIC is only set if you have setDomainCookies set to true in your CFAPPLICATION tag. It's there to allow you to have multiple domains read the same cookies to tie together a session across them On 12 Sep 2011 18:42, Dave Watts dwa...@figleaf.com wrote: I believe setting the useUUID setting in the cfadmin can help with such issues, if I recall correctly this also avoids the use of CFID and CFTOKEN, and uses an alternate variable instead, CFMAGIC or somehting? its been a while since I looked at this as I use UUID as default for years now so I might be completely wrong and i'm sure Dave will correct me if I am. I think this just uses a UUID for CFTOKEN, actually. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347422 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
We're encountering the following issue with some percentage of IE users (Definitely but not necessarily limited to IE8 8.0.7601.17514 windows 7). Basically their SESSION is failing the same way it might if they're cookies were disabled, however, we are able to set cookies manually using CFCOOKIE. After running several tests, we found that the users request headers include 2 CFID and CFTOKEN cookies. It seems like Coldfusion writes both into the COOKIE scope, then can't translate them into the SESSION so creates a new (third) CFID and CFTOKEN pair, then overwrites the value of both in the COOKIE scope. CGI.HTTP_COOKIES -- CFID=19602005; CFTOKEN=13461642; (other cookies removed); CFID=20907643; CFTOKEN=42056124; (other cookies removed); Do you have more than one CF server within your domain? If so, are you setting domain-wide cookies on either server? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsi ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346680 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
We have one server running ColdFusion 8 Enterprise. It has two applications with each application having two load balanced instances. Both applications are called within one website. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346690 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Sessions failing due to multiple CFID / CFTOKEN cookies
Should we be using jsessionids instead? Are there any problems in switching to them? Thanks so much. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346700 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Sessions failing due to multiple CFID / CFTOKEN cookies
We're encountering the following issue with some percentage of IE users (Definitely but not necessarily limited to IE8 8.0.7601.17514 windows 7). Basically their SESSION is failing the same way it might if they're cookies were disabled, however, we are able to set cookies manually using CFCOOKIE. After running several tests, we found that the users request headers include 2 CFID and CFTOKEN cookies. It seems like Coldfusion writes both into the COOKIE scope, then can't translate them into the SESSION so creates a new (third) CFID and CFTOKEN pair, then overwrites the value of both in the COOKIE scope. CGI.HTTP_COOKIES -- CFID=19602005; CFTOKEN=13461642; (other cookies removed); CFID=20907643; CFTOKEN=42056124; (other cookies removed); COOKIES -- struct CFID20907644 CFID20907644 CFTOKEN 22098534 CFTOKEN 22098534 SESSION -- struct cfid20907644 cftoken 22098534 sessionid APPNAME_20907644_22098534 urltokenCFID=20907644CFTOKEN=22098534 Anybody know what could be going on here? Thanks in advance! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346659 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Clearing session vars and cookies from subdomain
I believe the problem is that when you call the page with cfhttp it is not run in the user's context, but a new context as the server instead. This means that the cfcookie won't work either, since it is trying to send the cookie to the server instead of the user. You could try hidden iframes or maybe ajax calls to update the other domains. ~Mahcsig On Fri, Jul 8, 2011 at 12:00 PM, Gerald Weir malleth...@verizon.net wrote: Hello, We have 3 sites. I'll call them www, abc, and xyz. I have a cookie that is a domain cookie and has a userid as a value. I have written code for each site that uses onSessionStart and onRequestStart to check for the cookie so that when users travel between the 3 sites they will be automatically logged in when they get there. They might never go to one of the other sites OR they might go there and then go onto another site and login. That is the reason for both onSessionStart and onRequestStart. The problem is Logout. I have written logout code to clear certain session vars and cookies. This code is on WWW. for testing. Within this code I do CFHTTP calls to the other two subdomains to a file that runs a CFC that looks like the following: cffunction name=killSession access=public hint=logs out user when called from a remote site output=false returntype=void cfset var local = StructNew() cfset local.delSessVarsList = userid,userdata cfset local.delCookieList = domain_userid,sesid,showdebug,trak cfloop collection=#session# item=i cfif ListFindNoCase(local.delSessVarsList, i) cfset StructDelete(session,i) /cfif /cfloop cfcookie name=domain_userid value=loggedout expires=NOW domain=. projectsinknowledge.com cfset session.userid = cfset session.userdata = cfloop collection=#cookie# item=j cfif ListFindNoCase(local.delCookieList, j) cfset StructDelete(cookie,j) /cfif /cfloop cflog file=testLOService type=Information text=I am in the ABC remote cfc. cfreturn /cffunction If I call the logout file on the ABC. subdomain directly in the browser like: http://ABC.ourdomain.com/logout_test.cfm then I look at the session dump and everyting has been deleted or expired correctly. But, if I call the same file from the CFHTTP call in the code on WWW. then it doesn't work. Does ColdFusion not allow me to clear cookies and session vars if I am calling the CFM page from a different server? Thanks, Jerry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346175 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Clearing session vars and cookies from subdomain
Hello, We have 3 sites. I'll call them www, abc, and xyz. I have a cookie that is a domain cookie and has a userid as a value. I have written code for each site that uses onSessionStart and onRequestStart to check for the cookie so that when users travel between the 3 sites they will be automatically logged in when they get there. They might never go to one of the other sites OR they might go there and then go onto another site and login. That is the reason for both onSessionStart and onRequestStart. The problem is Logout. I have written logout code to clear certain session vars and cookies. This code is on WWW. for testing. Within this code I do CFHTTP calls to the other two subdomains to a file that runs a CFC that looks like the following: cffunction name=killSession access=public hint=logs out user when called from a remote site output=false returntype=void cfset var local = StructNew() cfset local.delSessVarsList = userid,userdata cfset local.delCookieList = domain_userid,sesid,showdebug,trak cfloop collection=#session# item=i cfif ListFindNoCase(local.delSessVarsList, i) cfset StructDelete(session,i) /cfif /cfloop cfcookie name=domain_userid value=loggedout expires=NOW domain=.projectsinknowledge.com cfset session.userid = cfset session.userdata = cfloop collection=#cookie# item=j cfif ListFindNoCase(local.delCookieList, j) cfset StructDelete(cookie,j) /cfif /cfloop cflog file=testLOService type=Information text=I am in the ABC remote cfc. cfreturn /cffunction If I call the logout file on the ABC. subdomain directly in the browser like: http://ABC.ourdomain.com/logout_test.cfm then I look at the session dump and everyting has been deleted or expired correctly. But, if I call the same file from the CFHTTP call in the code on WWW. then it doesn't work. Does ColdFusion not allow me to clear cookies and session vars if I am calling the CFM page from a different server? Thanks, Jerry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346163 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
I'd be interested to know. I've been using the short method for years and never had a problem. However I'd love to know if the longer version is actually more stable. No, there's no problem with the shorter method. Of course, nowadays you should probably just use JSESSIONID instead. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337300 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
I have a cookie dupication problem that I cannot get my head around. This is a duplication of my thread on cf-aussie, so apologies to those who are seeing this twice. See this page for example. http://www.biowishtechnologies.com/au/information/our-company1/senior-management-team/lorenzo-gella/ If you click through a few pages on this site, then view the cookies that have been set for it you will see they have been multiplied a lot of times, I am guessing unnecessarily. I believe these cookies should be set only once in the root of the site. This happens for the CF and Google Analytics cookies. This issue appears to occur on CF9 in development and in CF8 on live. I have tried different combinations of cfcookie and settings but nothing seems to stop it happening. I believe that this issue is causes Internet Explorer users to receive a blank page every now and again because the limit on the number of cookies is being reached. In our application.cfc we have used this code in onRequestStart() to set UID, and cf vars cfcookie name=UUID value=#createUUID()# expires=never cfcookie name=cfid value=#Client.cfid# cfcookie name=cftoken value=#Client.cftoken# I have tried to use domain=www.biowishtechnologies.com path=/ but it makes no difference. It's doing exactly what you told it to do - it's setting cookies on each request. If you put CFCOOKIE tags in onRequestStart, they will run for every request. Move the CFCOOKIE tags to onSessionStart, and disable the automatic setting of cookies in your application properties, or just use JSESSIONID. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337301 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
I thought this was the standard trick: !--- This expires the session once the browser window is closed. --- cfif IsDefined(cookie.cfid) AND IsDefined(cookie.cftoken) cfcookie name=cfid value=cookie.cfid cfcookie name=cftoken value=cookie.cftoken /cfif The other way is just an extra step. On Thu, Sep 16, 2010 at 9:50 PM, Kym Kovan dev-li...@mbcomms.net.au wrote: On 17/09/2010 10:49, Michael Grant wrote: Am I just tired or is this a little redundant? Set a local var equal to the cookie value, then overwrite the cookie value with the local var value? Surely I'm just reading this wrong. Its a standard trick to change the expires attribute for the cookie so it expires immediately. Close browser, open browser and it becomes a new session rather than using the still-existing cookies from before. HTH Kym K On Thu, Sep 16, 2010 at 8:35 PM, Andrew Scottandr...@andyscott.id.au wrote: You should be doing something like this. cfif isDefined(Cookie.CFID) AND isDefined(Cookie.CFTOKEN) cfset cfId_local = Cookie.CFID cfset cftoken_local = Cookie.CFTOKEN cfcookie name=CFID value=#cfId_local# cfcookie name=CFTOKEN value=#cftoken_local# /cfif -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337171 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
On 17/09/2010 8:27 PM, Michael Grant wrote: I thought this was the standard trick: !--- This expires the session once the browser window is closed. --- cfif IsDefined(cookie.cfid) AND IsDefined(cookie.cftoken) cfcookie name=cfid value=cookie.cfid cfcookie name=cftoken value=cookie.cftoken /cfif The other way is just an extra step. I can't recollect but there was some strange context where that simpler version broke. -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337172 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
On 17/09/2010 1:17 PM, Duncan wrote: @Kym, creating new cookies on starting a new session I would understand, but take a look at my logging, each request is within the current session, CF is not calling onSessionStart on each page refresh. We still end up with duplicte cookies, all with values accumulated from the previous request. It is most strange. My immediate thought was that the domain name was wrong so it was starting a new session each time but that is not the case. Have you tried using the domain attribute as an experiment to see if that makes a difference? Using the higher domain, eg domain.name rather than www.domain.name -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337173 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
I'd be interested to know. I've been using the short method for years and never had a problem. However I'd love to know if the longer version is actually more stable. Stable Short On Fri, Sep 17, 2010 at 7:18 AM, Kym Kovan dev-li...@mbcomms.net.au wrote: On 17/09/2010 8:27 PM, Michael Grant wrote: I thought this was the standard trick: !--- This expires the session once the browser window is closed. --- cfif IsDefined(cookie.cfid) AND IsDefined(cookie.cftoken) cfcookie name=cfid value=cookie.cfid cfcookie name=cftoken value=cookie.cftoken /cfif The other way is just an extra step. I can't recollect but there was some strange context where that simpler version broke. -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337178 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
duplication of cookies on each request
Hi Folks, I have a cookie dupication problem that I cannot get my head around. This is a duplication of my thread on cf-aussie, so apologies to those who are seeing this twice. See this page for example. http://www.biowishtechnologies.com/au/information/our-company1/senior-management-team/lorenzo-gella/ If you click through a few pages on this site, then view the cookies that have been set for it you will see they have been multiplied a lot of times, I am guessing unnecessarily. I believe these cookies should be set only once in the root of the site. This happens for the CF and Google Analytics cookies. This issue appears to occur on CF9 in development and in CF8 on live. I have tried different combinations of cfcookie and settings but nothing seems to stop it happening. I believe that this issue is causes Internet Explorer users to receive a blank page every now and again because the limit on the number of cookies is being reached. In our application.cfc we have used this code in onRequestStart() to set UID, and cf vars cfcookie name=UUID value=#createUUID()# expires=never cfcookie name=cfid value=#Client.cfid# cfcookie name=cftoken value=#Client.cftoken# I have tried to use domain=www.biowishtechnologies.com path=/ but it makes no difference. The application is set out like this: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(0,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- We have also removed all cfcookie tags, and then CF set the jsessionid in a cookie. This has no change. We also moved the cookie tags into the onSessionStart, but again no difference. I put some logging in to my on session start and on app start, and here is what I found: application set as follows: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(30,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- creates one jsessionid cookie 4 x GA cookies _utma _utmb _utmc _utmz (all in lowercase) go to a sub page get an extra 2 x jsessionid cookies, 2 more sets of GA cookies but this time the names are in uppercase go to a third page I get 3 more jsessionid cookies (now a total of 6, and now have a set of 8 utma cookies. The logging suggests that the session stays, and that the onsessionstart is only called once. Information,jrpp-11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app new session Information,jrpp-11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp-11,09/16/10,13:07:35,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp-11,09/16/10,13:08:29,LOCAL.BIOWISH.LOCAL,running app on req start -- The exact same thing is happening on live with the GA cookies too. This leads me to think its not about the CF code. Why would the Google Analytics cookies be replicated and increased each request? Thanks! -- Duncan I Loxton duncan.lox...@gmail.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337158 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: duplication of cookies on each request
You should be doing something like this. cfif isDefined(Cookie.CFID) AND isDefined(Cookie.CFTOKEN) cfset cfId_local = Cookie.CFID cfset cftoken_local = Cookie.CFTOKEN cfcookie name=CFID value=#cfId_local# cfcookie name=CFTOKEN value=#cftoken_local# /cfif Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Duncan [mailto:duncan.lox...@gmail.com] Sent: Friday, 17 September 2010 8:29 AM To: cf-talk Subject: duplication of cookies on each request Hi Folks, I have a cookie dupication problem that I cannot get my head around. This is a duplication of my thread on cf-aussie, so apologies to those who are seeing this twice. See this page for example. http://www.biowishtechnologies.com/au/information/our- company1/senior-management-team/lorenzo-gella/ If you click through a few pages on this site, then view the cookies that have been set for it you will see they have been multiplied a lot of times, I am guessing unnecessarily. I believe these cookies should be set only once in the root of the site. This happens for the CF and Google Analytics cookies. This issue appears to occur on CF9 in development and in CF8 on live. I have tried different combinations of cfcookie and settings but nothing seems to stop it happening. I believe that this issue is causes Internet Explorer users to receive a blank page every now and again because the limit on the number of cookies is being reached. In our application.cfc we have used this code in onRequestStart() to set UID, and cf vars cfcookie name=UUID value=#createUUID()# expires=never cfcookie name=cfid value=#Client.cfid# cfcookie name=cftoken value=#Client.cftoken# I have tried to use domain=www.biowishtechnologies.com path=/ but it makes no difference. The application is set out like this: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(0,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- We have also removed all cfcookie tags, and then CF set the jsessionid in a cookie. This has no change. We also moved the cookie tags into the onSessionStart, but again no difference. I put some logging in to my on session start and on app start, and here is what I found: application set as follows: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(30,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- creates one jsessionid cookie 4 x GA cookies _utma _utmb _utmc _utmz (all in lowercase) go to a sub page get an extra 2 x jsessionid cookies, 2 more sets of GA cookies but this time the names are in uppercase go to a third page I get 3 more jsessionid cookies (now a total of 6, and now have a set of 8 utma cookies. The logging suggests that the session stays, and that the onsessionstart is only called once. Information,jrpp- 11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app new session Information,jrpp- 11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp- 11,09/16/10,13:07:35,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp- 11,09/16/10,13:08:29,LOCAL.BIOWISH.LOCAL,running app on req start -- The exact same thing is happening on live with the GA cookies too. This leads me to think its not about the CF code. Why would the Google Analytics cookies be replicated and increased each request? Thanks! -- Duncan I Loxton duncan.lox...@gmail.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337162 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
OT: You should really pre-load those mouse over images for the tabs. WHen I mouse over I get a big ole' whitespace while the image loads. On Thu, Sep 16, 2010 at 6:29 PM, Duncan duncan.lox...@gmail.com wrote: Hi Folks, I have a cookie dupication problem that I cannot get my head around. This is a duplication of my thread on cf-aussie, so apologies to those who are seeing this twice. See this page for example. http://www.biowishtechnologies.com/au/information/our-company1/senior-management-team/lorenzo-gella/ If you click through a few pages on this site, then view the cookies that have been set for it you will see they have been multiplied a lot of times, I am guessing unnecessarily. I believe these cookies should be set only once in the root of the site. This happens for the CF and Google Analytics cookies. This issue appears to occur on CF9 in development and in CF8 on live. I have tried different combinations of cfcookie and settings but nothing seems to stop it happening. I believe that this issue is causes Internet Explorer users to receive a blank page every now and again because the limit on the number of cookies is being reached. In our application.cfc we have used this code in onRequestStart() to set UID, and cf vars cfcookie name=UUID value=#createUUID()# expires=never cfcookie name=cfid value=#Client.cfid# cfcookie name=cftoken value=#Client.cftoken# I have tried to use domain=www.biowishtechnologies.com path=/ but it makes no difference. The application is set out like this: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(0,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- We have also removed all cfcookie tags, and then CF set the jsessionid in a cookie. This has no change. We also moved the cookie tags into the onSessionStart, but again no difference. I put some logging in to my on session start and on app start, and here is what I found: application set as follows: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(30,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- creates one jsessionid cookie 4 x GA cookies _utma _utmb _utmc _utmz (all in lowercase) go to a sub page get an extra 2 x jsessionid cookies, 2 more sets of GA cookies but this time the names are in uppercase go to a third page I get 3 more jsessionid cookies (now a total of 6, and now have a set of 8 utma cookies. The logging suggests that the session stays, and that the onsessionstart is only called once. Information,jrpp-11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app new session Information,jrpp-11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp-11,09/16/10,13:07:35,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp-11,09/16/10,13:08:29,LOCAL.BIOWISH.LOCAL,running app on req start -- The exact same thing is happening on live with the GA cookies too. This leads me to think its not about the CF code. Why would the Google Analytics cookies be replicated and increased each request? Thanks! -- Duncan I Loxton duncan.lox...@gmail.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337163 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
Am I just tired or is this a little redundant? Set a local var equal to the cookie value, then overwrite the cookie value with the local var value? Surely I'm just reading this wrong. On Thu, Sep 16, 2010 at 8:35 PM, Andrew Scott andr...@andyscott.id.auwrote: You should be doing something like this. cfif isDefined(Cookie.CFID) AND isDefined(Cookie.CFTOKEN) cfset cfId_local = Cookie.CFID cfset cftoken_local = Cookie.CFTOKEN cfcookie name=CFID value=#cfId_local# cfcookie name=CFTOKEN value=#cftoken_local# /cfif Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Duncan [mailto:duncan.lox...@gmail.com] Sent: Friday, 17 September 2010 8:29 AM To: cf-talk Subject: duplication of cookies on each request Hi Folks, I have a cookie dupication problem that I cannot get my head around. This is a duplication of my thread on cf-aussie, so apologies to those who are seeing this twice. See this page for example. http://www.biowishtechnologies.com/au/information/our- company1/senior-management-team/lorenzo-gella/ If you click through a few pages on this site, then view the cookies that have been set for it you will see they have been multiplied a lot of times, I am guessing unnecessarily. I believe these cookies should be set only once in the root of the site. This happens for the CF and Google Analytics cookies. This issue appears to occur on CF9 in development and in CF8 on live. I have tried different combinations of cfcookie and settings but nothing seems to stop it happening. I believe that this issue is causes Internet Explorer users to receive a blank page every now and again because the limit on the number of cookies is being reached. In our application.cfc we have used this code in onRequestStart() to set UID, and cf vars cfcookie name=UUID value=#createUUID()# expires=never cfcookie name=cfid value=#Client.cfid# cfcookie name=cftoken value=#Client.cftoken# I have tried to use domain=www.biowishtechnologies.com path=/ but it makes no difference. The application is set out like this: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(0,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- We have also removed all cfcookie tags, and then CF set the jsessionid in a cookie. This has no change. We also moved the cookie tags into the onSessionStart, but again no difference. I put some logging in to my on session start and on app start, and here is what I found: application set as follows: cfset this.sessionManagement = true cfset this.clientManagement = true cfset this.setClientCookies = false cfset this.sessionTimeout = CreateTimeSpan(30,0,30,0)!--- 30 minutes --- cfset this.applicationTimeout = CreateTimeSpan(31,0,0,0)!--- 31 days --- creates one jsessionid cookie 4 x GA cookies _utma _utmb _utmc _utmz (all in lowercase) go to a sub page get an extra 2 x jsessionid cookies, 2 more sets of GA cookies but this time the names are in uppercase go to a third page I get 3 more jsessionid cookies (now a total of 6, and now have a set of 8 utma cookies. The logging suggests that the session stays, and that the onsessionstart is only called once. Information,jrpp- 11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app new session Information,jrpp- 11,09/16/10,13:06:45,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp- 11,09/16/10,13:07:35,LOCAL.BIOWISH.LOCAL,running app on req start Information,jrpp- 11,09/16/10,13:08:29,LOCAL.BIOWISH.LOCAL,running app on req start -- The exact same thing is happening on live with the GA cookies too. This leads me to think its not about the CF code. Why would the Google Analytics cookies be replicated and increased each request? Thanks! -- Duncan I Loxton duncan.lox...@gmail.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337164 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
On 17/09/2010 10:49, Michael Grant wrote: Am I just tired or is this a little redundant? Set a local var equal to the cookie value, then overwrite the cookie value with the local var value? Surely I'm just reading this wrong. Its a standard trick to change the expires attribute for the cookie so it expires immediately. Close browser, open browser and it becomes a new session rather than using the still-existing cookies from before. HTH Kym K On Thu, Sep 16, 2010 at 8:35 PM, Andrew Scottandr...@andyscott.id.auwrote: You should be doing something like this. cfif isDefined(Cookie.CFID) AND isDefined(Cookie.CFTOKEN) cfset cfId_local = Cookie.CFID cfset cftoken_local = Cookie.CFTOKEN cfcookie name=CFID value=#cfId_local# cfcookie name=CFTOKEN value=#cftoken_local# /cfif -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337166 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: duplication of cookies on each request
@Andrew I have tried this with NO cfcookie tags in the code, and CF still insists on setting them each request. Wierder stillis that the Google Analytics code is doing it too, and I have NO control over it. @Michael - yes we have tried setting the cookie again, but using cfcookie appears to force a new cookie in the browserm it doesnt overwrite the existing cookie, its like isDefined() returns false all the time Again doesnt explain why the GA cookies are doing it @Kym, creating new cookies on starting a new session I would understand, but take a look at my logging, each request is within the current session, CF is not calling onSessionStart on each page refresh. We still end up with duplicte cookies, all with values accumulated from the previous request. On Fri, Sep 17, 2010 at 11:50 AM, Kym Kovan dev-li...@mbcomms.net.auwrote: On 17/09/2010 10:49, Michael Grant wrote: Am I just tired or is this a little redundant? Set a local var equal to the cookie value, then overwrite the cookie value with the local var value? Surely I'm just reading this wrong. Its a standard trick to change the expires attribute for the cookie so it expires immediately. Close browser, open browser and it becomes a new session rather than using the still-existing cookies from before. HTH Kym K On Thu, Sep 16, 2010 at 8:35 PM, Andrew Scottandr...@andyscott.id.au wrote: You should be doing something like this. cfif isDefined(Cookie.CFID) AND isDefined(Cookie.CFTOKEN) cfset cfId_local = Cookie.CFID cfset cftoken_local = Cookie.CFTOKEN cfcookie name=CFID value=#cfId_local# cfcookie name=CFTOKEN value=#cftoken_local# /cfif -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337168 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: .net cookies transfer to CF Session Values?
James Holmes wrote: So, basically, the username and password is written out in plain text in the cookie for anyone to steal. Great security. I didn't write the .net part! But yup, I didn't like the way it looked either. But: a. I like my job b. they pay well and often c. the .net folks are IN HOUSE and I'm not d. they *hate* Coldfusion e. keep my mouth shut = keep my job! Read the value of the cookie from the COOKIE scope and send the user|pass|pin to your code to log them in. That was the plan - I just wasn't sure how to grab the values to start with. Then, hope that no-one executes a successful XSS attack on your users. Then, fire the .NET developer. ...and I'll let the in-house IT department worry about that part! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321299 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
.net cookies transfer to CF Session Values?
I've got a client that's decided to try and use a .net login system written for one of their sites for *all* their sites, including the huge CF site I maintain for them. Looking at the .net code for this thing *really* reminds me why I like Coldfusion so much - sheesh, 15 or so files and a couple thousand lines of code to log somebody in? Anyway, it all comes down to the below if the login is successful: Response.Cookies[mysite_loggedin].Value = user+|+pass+|+pin; Response.Cookies[mysite_loggedin].Expires = DateTime.Now.AddDays(14); HttpCookie aCookie = new HttpCookie(mysite_loggedin); aCookie.Value = user+|+pass+|+pin; aCookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(aCookie); I'd like to be able to transfer those cookie values over to CF Session values, which thusly would have them counted as logged in on the CF Admin section of the CF site. I'm not .net literate - but could somebody point me in the right direction to be able to swap the .net cookes/values for CF session values? Ideas? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321232 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: .net cookies transfer to CF Session Values?
write them to javascript cookie vars, then yank them outta there into cf session variables cfRas On Thu, Apr 2, 2009 at 11:50 AM, Les Mizzell lesm...@bellsouth.net wrote: I've got a client that's decided to try and use a .net login system written for one of their sites for *all* their sites, including the huge CF site I maintain for them. Looking at the .net code for this thing *really* reminds me why I like Coldfusion so much - sheesh, 15 or so files and a couple thousand lines of code to log somebody in? Anyway, it all comes down to the below if the login is successful: Response.Cookies[mysite_loggedin].Value = user+|+pass+|+pin; Response.Cookies[mysite_loggedin].Expires = DateTime.Now.AddDays(14); HttpCookie aCookie = new HttpCookie(mysite_loggedin); aCookie.Value = user+|+pass+|+pin; aCookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(aCookie); I'd like to be able to transfer those cookie values over to CF Session values, which thusly would have them counted as logged in on the CF Admin section of the CF site. I'm not .net literate - but could somebody point me in the right direction to be able to swap the .net cookes/values for CF session values? Ideas? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321236 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: .net cookies transfer to CF Session Values?
So, basically, the username and password is written out in plain text in the cookie for anyone to steal. Great security. Anyway, don't just trust the existence of the cookie - you need to log the user in to your site with the username and password. Otherwise, I can just manipulate my browser to set a cookie called mysite_loggedin and get logged in to your site. Read the value of the cookie from the COOKIE scope and send the user|pass|pin to your code to log them in. Then, hope that no-one executes a successful XSS attack on your users. Then, fire the .NET developer. mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/4/2 Les Mizzell lesm...@bellsouth.net: I've got a client that's decided to try and use a .net login system written for one of their sites for *all* their sites, including the huge CF site I maintain for them. Looking at the .net code for this thing *really* reminds me why I like Coldfusion so much - sheesh, 15 or so files and a couple thousand lines of code to log somebody in? Anyway, it all comes down to the below if the login is successful: Response.Cookies[mysite_loggedin].Value = user+|+pass+|+pin; Response.Cookies[mysite_loggedin].Expires = DateTime.Now.AddDays(14); HttpCookie aCookie = new HttpCookie(mysite_loggedin); aCookie.Value = user+|+pass+|+pin; aCookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(aCookie); I'd like to be able to transfer those cookie values over to CF Session values, which thusly would have them counted as logged in on the CF Admin section of the CF site. I'm not .net literate - but could somebody point me in the right direction to be able to swap the .net cookes/values for CF session values? Ideas? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321258 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
CDN and Cookies
Hello, We are set to start using a Content Delivery Network shortly. For those not familiar, the idea is that when someone requests www.mysite.com, the CDN intercepts that request, and either sends back cached content if it has it, or goes to origin.mysite.com to retrieve fresh content. Because of this, I believe I need to set setDomainCookies=true in Application.cfc so that the sessions are maintained whether the request is from origin.mysite.com or www.mysite.com. 1) Is this correct? I mean when the CDN sends the request to origin.mysite.com for fresh content, CF will try to set cookies for origin.mysite.com, yes? 2) If I do this change to setDomainCookies=true, will it kill all the current sessions on the server? -- Josh ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310305 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CDN and Cookies
Josh, Your belief might not be correct, although it can depend on what content you are serving, how that CDN is set up, and how your sessions are set up. If a session is established on Server A, then activities on Server B generally won't impact Server A. If you are only serving cached content or images on Server B, then I doubt Server B benefits from session variables at all. Even with domain cookies set, activities on Server B won't prolong the Server A session since the session is maintained on the server, not in the cookie. Setting domain cookies would potentially be a mistake, since you would be adding overhead with no benefit. If a.site.com has all your dynamic content and sessions while b.site.com has all your images, the Web browser can not only load the site faster because this gets around the HTTP simultaneous connection limits, but it is also faster because you don't have to send pointless cookie information to b.site.com with every image request. So for many people looking to optimize network traffic, the goal is to avoid sending cookies to all the servers. The main uncertainty is what type of CDN you are using. Most often these are used to help deliver static Web content or files, as opposed to dynamic Web site content. I would expect that your CDN provider has a FAQ or technical guide that discusses how to handle session variables if you are serving dynamic content. That is where I would look for this information. For your second question, I would assume the answer is no, but I would certainly test this if it is a concern for you. -Mike Chabot On Wed, Aug 6, 2008 at 3:07 PM, Josh Nathanson [EMAIL PROTECTED] wrote: Hello, We are set to start using a Content Delivery Network shortly. For those not familiar, the idea is that when someone requests www.mysite.com, the CDN intercepts that request, and either sends back cached content if it has it, or goes to origin.mysite.com to retrieve fresh content. Because of this, I believe I need to set setDomainCookies=true in Application.cfc so that the sessions are maintained whether the request is from origin.mysite.com or www.mysite.com. 1) Is this correct? I mean when the CDN sends the request to origin.mysite.com for fresh content, CF will try to set cookies for origin.mysite.com, yes? 2) If I do this change to setDomainCookies=true, will it kill all the current sessions on the server? -- Josh ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310308 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CDN and Cookies
Mike, All the requests will be going through www.mysite.com and intercepted by the CDN via a cname directive. There are no requests from the end user to origin.mysite.com. The CDN then decides, based on the expires header, whether to go get fresh content from origin.mysite.com. It's called reverse proxy acquisition. So, only cookies from www.mysite.com will be sent in the request, not cookies from origin.mysite.com. The dns will look like this: www.mysite.com CNAME www.CDNsite.com origin.mysite.com CNAME mysite.com As you say, only images and videos will be cached on the CDN, and all dynamic content will be fetched by the CDN from origin.mysite.com (no dynamic requests are cached). origin.mysite.com is where the sessions will be living as well. My question is, given that scenario, if I start a session on the site and then open up the cookies panel in Firefox, will the cookie folder say www.mysite.com or origin.mysite.com? There is no information on their site as regards sessions. Thanks for your help. -- Josh - Original Message - From: Mike Chabot [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Wednesday, August 06, 2008 1:42 PM Subject: Re: CDN and Cookies Josh, Your belief might not be correct, although it can depend on what content you are serving, how that CDN is set up, and how your sessions are set up. If a session is established on Server A, then activities on Server B generally won't impact Server A. If you are only serving cached content or images on Server B, then I doubt Server B benefits from session variables at all. Even with domain cookies set, activities on Server B won't prolong the Server A session since the session is maintained on the server, not in the cookie. Setting domain cookies would potentially be a mistake, since you would be adding overhead with no benefit. If a.site.com has all your dynamic content and sessions while b.site.com has all your images, the Web browser can not only load the site faster because this gets around the HTTP simultaneous connection limits, but it is also faster because you don't have to send pointless cookie information to b.site.com with every image request. So for many people looking to optimize network traffic, the goal is to avoid sending cookies to all the servers. The main uncertainty is what type of CDN you are using. Most often these are used to help deliver static Web content or files, as opposed to dynamic Web site content. I would expect that your CDN provider has a FAQ or technical guide that discusses how to handle session variables if you are serving dynamic content. That is where I would look for this information. For your second question, I would assume the answer is no, but I would certainly test this if it is a concern for you. -Mike Chabot ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310314 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CDN and Cookies
Josh, I think this would depend on how the proxy server is set up to communicate with the origin server and whether or not it modifies cookies. Proxy servers can do anything they are programmed to do, so I would call up the company to get this information on how cookies are handled. If the CDN provider is established and experienced, I would assume that they have programmed their proxy servers to handle the cookie issues seamlessly, which would mean that a cookie set for www.mysite.com would be modified and sent to origin.mysite.com in a way that origin.mysite.com could read it without any security issues. Clearly I'm speculating here. My experience with these CDNs mainly comes from caching static files like images or JavaScript files, which don't have any cookie issues. Someone else on this list might have more experience with this reverse proxy setup. Good luck, Mike Chabot On Wed, Aug 6, 2008 at 5:22 PM, Josh Nathanson [EMAIL PROTECTED] wrote: Mike, All the requests will be going through www.mysite.com and intercepted by the CDN via a cname directive. There are no requests from the end user to origin.mysite.com. The CDN then decides, based on the expires header, whether to go get fresh content from origin.mysite.com. It's called reverse proxy acquisition. So, only cookies from www.mysite.com will be sent in the request, not cookies from origin.mysite.com. The dns will look like this: www.mysite.com CNAME www.CDNsite.com origin.mysite.com CNAME mysite.com As you say, only images and videos will be cached on the CDN, and all dynamic content will be fetched by the CDN from origin.mysite.com (no dynamic requests are cached). origin.mysite.com is where the sessions will be living as well. My question is, given that scenario, if I start a session on the site and then open up the cookies panel in Firefox, will the cookie folder say www.mysite.com or origin.mysite.com? There is no information on their site as regards sessions. Thanks for your help. -- Josh - Original Message - From: Mike Chabot [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Wednesday, August 06, 2008 1:42 PM Subject: Re: CDN and Cookies Josh, Your belief might not be correct, although it can depend on what content you are serving, how that CDN is set up, and how your sessions are set up. If a session is established on Server A, then activities on Server B generally won't impact Server A. If you are only serving cached content or images on Server B, then I doubt Server B benefits from session variables at all. Even with domain cookies set, activities on Server B won't prolong the Server A session since the session is maintained on the server, not in the cookie. Setting domain cookies would potentially be a mistake, since you would be adding overhead with no benefit. If a.site.com has all your dynamic content and sessions while b.site.com has all your images, the Web browser can not only load the site faster because this gets around the HTTP simultaneous connection limits, but it is also faster because you don't have to send pointless cookie information to b.site.com with every image request. So for many people looking to optimize network traffic, the goal is to avoid sending cookies to all the servers. The main uncertainty is what type of CDN you are using. Most often these are used to help deliver static Web content or files, as opposed to dynamic Web site content. I would expect that your CDN provider has a FAQ or technical guide that discusses how to handle session variables if you are serving dynamic content. That is where I would look for this information. For your second question, I would assume the answer is no, but I would certainly test this if it is a concern for you. -Mike Chabot ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310321 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CDN and Cookies
Mike, I did a test run about an hour ago. The cookies were handled fine, so I assume the CDN provider has their proxy servers set up to handle this, as you say. On the other hand, I found out they do not accept https requests. I had taken this to mean they would pass through https requests to the origin server for handling; however, the request simply is halted entirely and the page times out after a long wait. Not exactly a robust solution. So, a little rearchitecting on my part will be needed to account for that. FWIW, the company is called Velocix. They have a free CDN solution for up to 500GB of traffic per month. -- Josh - Original Message - From: Mike Chabot [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Wednesday, August 06, 2008 3:50 PM Subject: Re: CDN and Cookies Josh, I think this would depend on how the proxy server is set up to communicate with the origin server and whether or not it modifies cookies. Proxy servers can do anything they are programmed to do, so I would call up the company to get this information on how cookies are handled. If the CDN provider is established and experienced, I would assume that they have programmed their proxy servers to handle the cookie issues seamlessly, which would mean that a cookie set for www.mysite.com would be modified and sent to origin.mysite.com in a way that origin.mysite.com could read it without any security issues. Clearly I'm speculating here. My experience with these CDNs mainly comes from caching static files like images or JavaScript files, which don't have any cookie issues. Someone else on this list might have more experience with this reverse proxy setup. Good luck, Mike Chabot On Wed, Aug 6, 2008 at 5:22 PM, Josh Nathanson [EMAIL PROTECTED] wrote: Mike, All the requests will be going through www.mysite.com and intercepted by the CDN via a cname directive. There are no requests from the end user to origin.mysite.com. The CDN then decides, based on the expires header, whether to go get fresh content from origin.mysite.com. It's called reverse proxy acquisition. So, only cookies from www.mysite.com will be sent in the request, not cookies from origin.mysite.com. The dns will look like this: www.mysite.com CNAME www.CDNsite.com origin.mysite.com CNAME mysite.com As you say, only images and videos will be cached on the CDN, and all dynamic content will be fetched by the CDN from origin.mysite.com (no dynamic requests are cached). origin.mysite.com is where the sessions will be living as well. My question is, given that scenario, if I start a session on the site and then open up the cookies panel in Firefox, will the cookie folder say www.mysite.com or origin.mysite.com? There is no information on their site as regards sessions. Thanks for your help. -- Josh - Original Message - From: Mike Chabot [EMAIL PROTECTED] To: CF-Talk cf-talk@houseoffusion.com Sent: Wednesday, August 06, 2008 1:42 PM Subject: Re: CDN and Cookies Josh, Your belief might not be correct, although it can depend on what content you are serving, how that CDN is set up, and how your sessions are set up. If a session is established on Server A, then activities on Server B generally won't impact Server A. If you are only serving cached content or images on Server B, then I doubt Server B benefits from session variables at all. Even with domain cookies set, activities on Server B won't prolong the Server A session since the session is maintained on the server, not in the cookie. Setting domain cookies would potentially be a mistake, since you would be adding overhead with no benefit. If a.site.com has all your dynamic content and sessions while b.site.com has all your images, the Web browser can not only load the site faster because this gets around the HTTP simultaneous connection limits, but it is also faster because you don't have to send pointless cookie information to b.site.com with every image request. So for many people looking to optimize network traffic, the goal is to avoid sending cookies to all the servers. The main uncertainty is what type of CDN you are using. Most often these are used to help deliver static Web content or files, as opposed to dynamic Web site content. I would expect that your CDN provider has a FAQ or technical guide that discusses how to handle session variables if you are serving dynamic content. That is where I would look for this information. For your second question, I would assume the answer is no, but I would certainly test this if it is a concern for you. -Mike Chabot ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310323
Re: Cold Fusion Cookies
What does the firefox web developer extension say about the cookie when it's created? On Wed, Jun 18, 2008 at 2:15 AM, Cody W. [EMAIL PROTECTED] wrote: http://69.26.48.70Hello, I am currently working on a small application that uses CFcookies to let people into this particular microsite. If the cookie does not exist the application forces them to the register page. My problem comes when trying to create the Cookie. cfcookie name=dmcrmMicroIDcookie expires=10 domain=.somecompany.com value=#session.MicrositeRegistrationID# It seems that no matter what I set the expires attribute to the cookie is still set to session only and is deleted when the user leaves the page, forcing them to re-register each time they visit. I just need advice on how to have the cookie persist through browser sessions. Any advice is appreciated. Thank you in advanced. CW ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:307656 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Cold Fusion Cookies
http://69.26.48.70Hello, I am currently working on a small application that uses CFcookies to let people into this particular microsite. If the cookie does not exist the application forces them to the register page. My problem comes when trying to create the Cookie. cfcookie name=dmcrmMicroIDcookie expires=10 domain=.somecompany.com value=#session.MicrositeRegistrationID# It seems that no matter what I set the expires attribute to the cookie is still set to session only and is deleted when the user leaves the page, forcing them to re-register each time they visit. I just need advice on how to have the cookie persist through browser sessions. Any advice is appreciated. Thank you in advanced. CW ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:307621 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
cookies across servers
Hey all, Is it possible to have a cookie, accessible by two different sites on different servers? What I've got is a login information cookie, that is supposed to allow access to two different sites, under different domains, on different servers. Thanks sas -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304850 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: cookies across servers
What I've got is a login information cookie, that is supposed to allow access to two different sites, under different domains, on different servers. Cookies cannot be shared across domains. You will need to pass that information another way. One fairly easy way to do that is to have the login process reference content in both domains. Each domain can then set the necessary cookie. You could do this with CFHTTP as long as your cookies aren't restricted by IP address. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304893 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Checking if browser has cookies enabled
We've got a public Web site built on MX 6.1. We have a lot of problems with users who don't have cookies enabled in their browsers. This causes problems, especially, when users are attempting to log in. I know I can check if cookies are enabled by creating a cookie variable on one template and then checking for the existence of that variable on another template. So, on our development site, I've added some code which creates a cookie variable on every page of the site. Then, I've added some code to the template which our login page submits to. That template checks for the existence of the cookie, and if it doesn't find it, it redirects (using the cflocation tag) to a page which displays a message about cookies not being enabled and provides instructions on how to enable them in different browsers. This works. The problem is that if the user clicks the Back button on the Cookies Not Enabled page after enabling cookies, they go back to the login page, but the cached version of the login page (accessed by the Back button) does not create the cookie variable. So, when the user tries to log in again, they still get the Cookies Not Enabled page, even though cookies are now enabled. If the user then clicks the Back button again and logs in again, the Cookies Not Enabled page will not display and the log in will work properly because by this time, the cookie variable has been created, but I don't want to force our users to try logging in three times before it works. I'm wondering if there is a better way to check if cookies are enabled in a user's browser which avoids this problem with the Back button. Keep in mind that we have a lot of different entry points to our site. Thanks, David ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300860 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
I didn't get any takers with this. Anyone? ~Brad -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, February 22, 2008 4:07 PM To: CF-Talk Subject: accepting/returning cookies with cfinvoke If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? I'm thinking no, but how then does one do that? ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299829 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: accepting/returning cookies with cfinvoke
Do many web services use cookies? I think authentication is usually controlled by having you send your credentials with each request. Or you send your credentials initially, then are given a token you must pass back in with each request. -Ryan Brad Wood wrote: I didn't get any takers with this. Anyone? ~Brad -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, February 22, 2008 4:07 PM To: CF-Talk Subject: accepting/returning cookies with cfinvoke If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? I'm thinking no, but how then does one do that? ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299832 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: accepting/returning cookies with cfinvoke
On Monday 25 Feb 2008, Brad Wood wrote: If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? This is just guess work, but: CFHTTP will not pass on cookies from the web browser's request, nor will it take cookies returned in the response to CFHTTP and append them to the response to the web browser - it's a totally new request managed by CF, not the browser. That said, there is nothing to stop you putting COOKIE.foo into the CFHTTP response and/or parsing the cookies back out of the CFHTTP response and setting them with CFCOOKIE. -- Tom Chiverton Helping to authoritatively utilize third-generation systems on: http://thefalken.livejournal.com This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299831 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
If you must use cookies, use CFHTTP, or Apache HTTPClient, which I believe you can configure to automatically keep the cookies. Russ -Original Message- From: Ryan Stille [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 11:26 AM To: CF-Talk Subject: Re: accepting/returning cookies with cfinvoke Do many web services use cookies? I think authentication is usually controlled by having you send your credentials with each request. Or you send your credentials initially, then are given a token you must pass back in with each request. -Ryan Brad Wood wrote: I didn't get any takers with this. Anyone? ~Brad -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, February 22, 2008 4:07 PM To: CF-Talk Subject: accepting/returning cookies with cfinvoke If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? I'm thinking no, but how then does one do that? ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299834 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: accepting/returning cookies with cfinvoke
In a thread I just posted today I discussed a component I wrote that uses WinHTTPRequest ( http://msdn.microsoft.com/library/en-us/winhttp/http/winhttprequest.asp). I use the component as an interface to load data using a user-authenticated web site. The site is designed as a user interface and NOT a web service. The response header that comes back holds cookie values. I parse the header and capture the cookie values and them pass them with each subsequent request as well as passing the previous requested page as the referrer. Let me know if there are specific details I can help you with. On Mon, Feb 25, 2008 at 11:26 AM, Ryan Stille [EMAIL PROTECTED] wrote: Do many web services use cookies? I think authentication is usually controlled by having you send your credentials with each request. Or you send your credentials initially, then are given a token you must pass back in with each request. -Ryan Brad Wood wrote: I didn't get any takers with this. Anyone? ~Brad -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, February 22, 2008 4:07 PM To: CF-Talk Subject: accepting/returning cookies with cfinvoke If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? I'm thinking no, but how then does one do that? ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299835 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
Does cfhttp automatically accept cookies and pass them back, or does it just give me access to the response so I can pull them out myself? As far as Apache HTTPClient goes-- this is really a curious experiment in the can ColdFusion do this without any help category. :) ~Brad -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 10:55 AM To: CF-Talk Subject: RE: accepting/returning cookies with cfinvoke If you must use cookies, use CFHTTP, or Apache HTTPClient, which I believe you can configure to automatically keep the cookies. Russ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299837 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: accepting/returning cookies with cfinvoke
CF doesn't automatically keep cookies between requests, but you can grab the cookies from the response and send them with your next response using CFHTTP. Russ -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 12:00 PM To: CF-Talk Subject: RE: accepting/returning cookies with cfinvoke Does cfhttp automatically accept cookies and pass them back, or does it just give me access to the response so I can pull them out myself? As far as Apache HTTPClient goes-- this is really a curious experiment in the can ColdFusion do this without any help category. :) ~Brad -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 10:55 AM To: CF-Talk Subject: RE: accepting/returning cookies with cfinvoke If you must use cookies, use CFHTTP, or Apache HTTPClient, which I believe you can configure to automatically keep the cookies. Russ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299839 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
Does cfhttp automatically accept cookies and pass them back, or does it just give me access to the response so I can pull them out myself? It just gives you access to the response. You're responsible for cookie management with CFHTTP. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299840 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: accepting/returning cookies with cfinvoke
Thanks. I'm on Linux though so I don't think WinHTTP would help. I wanted to know if CF could do it all by itself though without resorting to a third party app. ~Brad -Original Message- From: Sonny Savage [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 10:56 AM To: CF-Talk Subject: Re: accepting/returning cookies with cfinvoke In a thread I just posted today I discussed a component I wrote that uses WinHTTPRequest ( http://msdn.microsoft.com/library/en-us/winhttp/http/winhttprequest.asp) .. I use the component as an interface to load data using a user-authenticated web site. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299836 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
Thanks Russ and Dave-- that answers the bulk of my question. If anyone has a blog off the top of their head demonstrating this, now would be a perfect time to mention it. :) ~Brad -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 11:14 AM To: CF-Talk Subject: RE: accepting/returning cookies with cfinvoke Does cfhttp automatically accept cookies and pass them back, or does it just give me access to the response so I can pull them out myself? It just gives you access to the response. You're responsible for cookie management with CFHTTP. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299841 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
If anyone has a blog off the top of their head demonstrating this, now would be a perfect time to mention it. === Actually I found a good one myself. http://www.bennadel.com/blog/725-Maintaining-Sessions-Across-Multiple-Co ldFusion-CFHttp-Requests.htm Thanks Ben. :) ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299842 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: accepting/returning cookies with cfinvoke
This post might be of some help, or at least get you thinking in different directions. I'm not sure if it's translates to cfinvoke or not. It looks like you have to get down and dirty with the webservice engine CF uses which is Apache's Axis. http://tjordahl.blogspot.com/2006/06/how-to-get-web-service-response.html Good luck! If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299844 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: accepting/returning cookies with cfinvoke
Thanks Russ and Dave-- that answers the bulk of my question. If anyone has a blog off the top of their head demonstrating this, now would be a perfect time to mention it. :) I don't know of a blog entry on this, but here's a code sample demonstrating the use of CFHTTP to work with the Connect (formerly Breeze) API: cfcomponent extends=breezeobj hint=This component is used to connect to the Breeze server. All other components within this package rely on this component to connect. An instance of this component is required as an argument when creating other components within the package. cfset instance = StructNew() cfset instance.breezeServerURL = cfset instance.breezeServerQueryString = api/xml? cfset instance.accesskey = cfset instance.logincookie = cfset instance.lastHTTPResponse = cfset instance.connectionStatus = false cffunction name=init access=public returntype=breeze output=false hint=This method must be called upon instantiation of the component. cfargument name=username type=string required=yes cfargument name=password type=string required=yes cfargument name=URL type=string required=yes cfset var postvars = StructNew() cfset var HTTPResponse = cfset instance.breezeServerURL = Arguments.URL cfset postvars[action] = login cfset postvars[login] = Arguments.username cfset postvars[password] = Arguments.password cfset HTTPResponse = sendRequest(postvars) cfset instance.logincookie = ListLast(ListFirst(sendRequest(postvars).ResponseHeader[Set-Cookie], ;), =) cfreturn this /cffunction cffunction name=sendRequest access=package returntype=struct output=false hint=This method is used to communicate via HTTP with the Breeze server. cfargument name=postvars type=struct required=yes cfset var HTTPResponse = cfset var HTTPURL = instance.breezeServerURL instance.breezeServerQueryString cfset var i = cftry cfhttp url=#HTTPURL# method=post timeout=30 throwonerror=yes cfif Len(instance.logincookie) cfhttpparam type=Header name=Cookie value=BREEZESESSION=#instance.logincookie# /cfif cfloop collection=#Arguments.postvars# item=i cfhttpparam type=Formfield name=#LCase(i)# value=#Arguments.postvars[i]# /cfloop /cfhttp cfset instance.lastHTTPResponse = Duplicate(CFHTTP) cfcatch type=any cfthrow type=breeze.HTTPError message=Unable to communicate with Breeze Server detail=No details available. /cfcatch /cftry cftry cfset instance.lastHTTPResponse.XMLContent = XmlParse(instance.lastHTTPResponse.FileContent) cfcatch type=any cfthrow type=breeze.invalidResponse message=Invalid response received from Breeze Server detail=#instance.lastHTTPResponse.FileContent# /cfcatch /cftry cfreturn instance.lastHTTPResponse /cffunction cffunction name=getBreezeServerURL access=package returntype=string output=false cfreturn instance.breezeServerURL /cffunction cffunction name=setCookie access=public returntype=boolean output=true hint=This method is used to log a user's browser into the Breeze server. cfset var domain = CreateObject(component, components.breeze.util).parseURL(instance.breezeServerURL).domain cfcookie name=BREEZESESSION value=#instance.logincookie# domain=.#domain# cfreturn true /cffunction cffunction name=addSessionTokenToURL access=package returntype=string cfargument name=url required=yes type=string cfset var sessionToken = cfif Arguments.url contains ? cfset sessionToken = cfelse cfset sessionToken = ? /cfif cfset sessionToken = sessionToken session= instance.logincookie cfreturn Arguments.url sessionToken /cffunction cffunction
RE: accepting/returning cookies with cfinvoke
Thanks Jeff. That is pretty cool. This post here (which is linked to from the post you sent me) http://tjordahl.blogspot.com/2006/06/how-to-set-cookies-in-coldfusion-so ap.html Shows how to send cookies in a web service call make with create object. Of course, this is all a little hacked in/dependant on ColdFusion always using Axis under the hood. I don't know what the syntax would look like, but it would be nice if you could signal ColdFusion to automatically store and re-send cookies. You could then specify if you wanted them persisted in application, session, or request etc. I dunno-- maybe there's a really good and complicated reason why that wouldn't work. Or maybe most web services don't use cookies, so it's never been worth8 Adobe's time to do that. I guess I can always throw it in the pot for a CF9 enhancement suggestion. :) ~Brad -Original Message- From: Jeff Price [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 11:34 AM To: CF-Talk Subject: Re: accepting/returning cookies with cfinvoke This post might be of some help, or at least get you thinking in different directions. I'm not sure if it's translates to cfinvoke or not. It looks like you have to get down and dirty with the webservice engine CF uses which is Apache's Axis. http://tjordahl.blogspot.com/2006/06/how-to-get-web-service-response.htm l Good luck! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299848 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: accepting/returning cookies with cfinvoke
Of course, this is all a little hacked in/dependant on ColdFusion always using Axis under the hood. ColdFusion always does use Axis for web services, so I wouldn't worry about that. Adobe's Tom Jordahl was a lead contributor to Axis for a long time. I don't know what the syntax would look like, but it would be nice if you could signal ColdFusion to automatically store and re-send cookies. You could then specify if you wanted them persisted in application, session, or request etc. I dunno-- maybe there's a really good and complicated reason why that wouldn't work. Or maybe most web services don't use cookies, so it's never been worth8 Adobe's time to do that. Most web services don't use cookies, but it would be nice if CF could more easily consume the ones that do. Generally, though, most web services I've seen either use SOAP headers for this, or they have a login service that returns a value that is used as an argument for subsequent service calls. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299851 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
accepting/returning cookies with cfinvoke
If I am using cfinvoke to consume a web service, will ColdFusion accept and or return cookies set by the third party for authentication purposes? I'm thinking no, but how then does one do that? ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299758 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Losing Cookies with IE Browsers
Hello Guys, I was just wondering if anyone here have experienced the same situation I'm in right now. In a nutshell, I'm noticing on my ecommerce website the cookie holding the shopping cart ID is being dropped after several clicks through the website only with IE browsers. With the same code, it works just fine with FireFox/Netscape browers. Here's how my database driven shopping cart works on my site. In the Application.cfm I have these lines of code: cfif NOT IsDefined(COOKIE.LastCartID) cfset newCCID = #CreateUUID()# cfcookie name=LastCartID value=#newCCID# expires=NEVER cflock timeout=30 throwontimeout=No name=#SESSION.SessionID# type=EXCLUSIVE cfset SESSION.CartID = COOKIE.LastCartID /cflock /cfif A first time visitor will have a new cart ID created and saved to a cookie (COOKIE.LastCartID) and to a session variable (SESSION.CartID). Once the mini shopping cart is reached, a query is made to the cart database to find contents of the cart and will display the data. New customers will return 0 contents obviously but returning customers who added items in a previous session will display as such. Now, what I noticed is after adding an item to the cart and making about 20 or so click throughs on the site, the cart returns 0 items and with my debugging code on, a whole new cookie ID is created as well as other session variables (CFID, CFTOKEN, etc.) I'm just wondering if anyone else experienced this and what strategies should I undertake to resolve this. This is an issue specific to IE browsers. Thanks. Orlando ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299069 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
CFHTTP and cookies
How does a CF server handle cookies sent by a web site when the site is accessed via cfhttp...? Is there anyway to capture and do something with such a cookie? TIA Ian ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295105 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: CFHTTP and cookies
How does a CF server handle cookies sent by a web site when the site is accessed via cfhttp...? By default, it doesn't do anything with those cookies. Is there anyway to capture and do something with such a cookie? Yes, they're available within the CFHTTP.Header string or the CFHTTP.ResponseHeader structure. You can read them out, then send them in subsequent CFHTTP requests using CFHTTPPARAM TYPE=COOKIE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295123 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: What could cause empty cftokens in cookies?
Mike Chabot wrote: The referrers are all - although I only examined one week of log files. All the users with the issue are using Firefox, but that may just be a coincidence. This organization has hundreds of CF apps under the same domain. If someone is using domain cookies, then the problem could be anywhere. I noticed that nearly all the problem cookies contain jsessionids. The department I am working with doesn't use jsessionids, so these values must be getting set by another department in the organization. That is a plausible explanation: somebody tries to add some extra security by removing CFID and CFTOKEN cookies to force the use of a jsessionid. You might want to try and do a DNS listing for the entire domain and set up a crawler that examines the cookie responses of each site. Jochem ~| ColdFusion 8 - Build next generation apps today, with easy PDF and Ajax features - download now http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289591 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: What could cause empty cftokens in cookies?
Mike Chabot wrote: Looking at IIS log files, I am seeing a lot of people arriving on a CF server with empty cfid and empty cftoken values in their cookies. By empty values, I mean specifically that the entries look like cfid=;cftoken=; What referrer do they have? Jochem ~| ColdFusion 8 - Build next generation apps today, with easy PDF and Ajax features - download now http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289538 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: What could cause empty cftokens in cookies?
Do you ever cfparam those cookies (to empty values)? cfparam with the cookie scope will cause those cookies to be sent on the user's browser with the default value in cfparam, which is usually not what you want to happen. If the cfparam is before your cfapplication tag then maybe you could get the situation you describe. Thanks Mark -Original Message- From: Mike Chabot [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 25, 2007 11:28 PM To: CF-Talk Subject: What could cause empty cftokens in cookies? Looking at IIS log files, I am seeing a lot of people arriving on a CF server with empty cfid and empty cftoken values in their cookies. By empty values, I mean specifically that the entries look like cfid=;cftoken=; I am wondering if anybody knows what could be causing these cookie values to be cleared out, other than code specifically setting the values to be an empty string? Are there firewalls out there that strip out these values? Is there a Firefox plugin that strips out these values? Thank you, Mike Chabot ~| Download the latest ColdFusion 8 utilities including Report Builder, plug-ins for Eclipse and Dreamweaver updates. http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289552 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: What could cause empty cftokens in cookies?
The referrers are all - although I only examined one week of log files. All the users with the issue are using Firefox, but that may just be a coincidence. This organization has hundreds of CF apps under the same domain. If someone is using domain cookies, then the problem could be anywhere. I noticed that nearly all the problem cookies contain jsessionids. The department I am working with doesn't use jsessionids, so these values must be getting set by another department in the organization. -Mike Chabot On 9/26/07, Jochem van Dieten [EMAIL PROTECTED] wrote: Mike Chabot wrote: Looking at IIS log files, I am seeing a lot of people arriving on a CF server with empty cfid and empty cftoken values in their cookies. By empty values, I mean specifically that the entries look like cfid=;cftoken=; What referrer do they have? Jochem ~| Enterprise web applications, build robust, secure scalable apps today - Try it now ColdFusion Today ColdFusion 8 beta - Build next generation apps Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289558 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4