RE: Application.cfm, Session Management, and a lot less hair!
Ken This is the code I use for client variables (just replace client. with session.): You then need to append "&#application.addtoken#" to the end of every hyperlink, form posting, and cflocation in your web site. Also for cflocation you need to set the attribute "Addtoken = No". This will then append the CFID and CFTOKEN to the end of the url or an empty string, depnding on whether the user has cookies turned on or not. The second bit of code simply ensures that the session is killed when the user closes the browser so doesn't rely on the session/client timeout specified in the application.cfm or by the CFServer -- Andrew Ewings Project Manager Thoughtbubble Ltd http://www.thoughtbubble.net -- United Kingdom http://www.thoughtbubble.co.uk/ Tel: +44 (0) 20 7387 8890 -- New Zealand http://www.thoughtbubble.co.nz/ Tel: +64 (0) 9 488 9131 -- The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). Any views or opinions presented are solely those of the author and do not necessarily represent those of Thoughtbubble. This information may be subject to legal, professional or other privilege and further distribution of it is strictly prohibited without our authority. If you are not the intended recipient, you are not authorised to disclose, copy, distribute, or retain this message. Please notify us on +44 (0)207 387 8890. -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: 16 February 2001 15:41 To: CF-Talk Subject: RE: Application.cfm, Session Management, and a lot less hair! HI Andy, Thanks that would be great...I had seen some code using tokens,etc. but I could not make it work!! Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 -Original Message- From: Andy Ewings [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: CF-Talk Subject: RE: Application.cfm, Session Management, and a lot less hair! Are you locking the seesion variables?...a test would be to switch to client variables and see if you still hget the same problem. Incedentally. If you want to maintain sessions regardless of whether the user has session level cookies swithched on or off then I'll post a bit of code which you stick in your application.cfm that will solve this. -- Andrew Ewings Project Manager Thoughtbubble Ltd http://www.thoughtbubble.net -- United Kingdom http://www.thoughtbubble.co.uk/ Tel: +44 (0) 20 7387 8890 -- New Zealand http://www.thoughtbubble.co.nz/ Tel: +64 (0) 9 488 9131 -- The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). Any views or opinions presented are solely those of the author and do not necessarily represent those of Thoughtbubble. This information may be subject to legal, professional or other privilege and further distribution of it is strictly prohibited without our authority. If you are not the intended recipient, you are not authorised to disclose, copy, distribute, or retain this message. Please notify us on +44 (0)207 387 8890. -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: 16 February 2001 14:58 To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on
RE: Application.cfm, Session Management, and a lot less hair!
HI Andy, Thanks that would be great...I had seen some code using tokens,etc. but I could not make it work!! Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 -Original Message- From: Andy Ewings [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: CF-Talk Subject: RE: Application.cfm, Session Management, and a lot less hair! Are you locking the seesion variables?...a test would be to switch to client variables and see if you still hget the same problem. Incedentally. If you want to maintain sessions regardless of whether the user has session level cookies swithched on or off then I'll post a bit of code which you stick in your application.cfm that will solve this. -- Andrew Ewings Project Manager Thoughtbubble Ltd http://www.thoughtbubble.net -- United Kingdom http://www.thoughtbubble.co.uk/ Tel: +44 (0) 20 7387 8890 -- New Zealand http://www.thoughtbubble.co.nz/ Tel: +64 (0) 9 488 9131 -- The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). Any views or opinions presented are solely those of the author and do not necessarily represent those of Thoughtbubble. This information may be subject to legal, professional or other privilege and further distribution of it is strictly prohibited without our authority. If you are not the intended recipient, you are not authorised to disclose, copy, distribute, or retain this message. Please notify us on +44 (0)207 387 8890. -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: 16 February 2001 14:58 To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. It is the intermittent nature of this problem that is causing me the most trouble in trying to solve it. Please note that we have never had a problem from our development machines. If anyone has any input on this problem I would really appreciate hearing from you... Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Application.cfm, Session Management, and a lot less hair!
On 2/16/01 9:58 AM Ken McInnes wrote: > Okay this problem has me completely baffled. We have an administration > module for a client with a login page that sets some session permissions. > Subsequent pages then look for the appropriate permission using > CFApplication. Everything works fine on our end but when we implemented on > the client site they cannot get into the administration module...very secure > but useless! ;-) I have supplied the error they are getting and the > CFApplication tag. > > The only way I have been able to replicate the error is by disabling the > browser's ability to accept cookies on our internal network. This then > causes Cold Fusion to throw the error. I have tried it on a number of > different machines that we test on and the Cold Fusion application worked on > all of them. However, when I try the application on some machines external > to our network they almost always fail but some do allow access to the > administrator module. They have been set to accept cookies so that doesn't > seem to be the problem. Does this client have cookies disabled? If so, have them turn them on or start rewriting your code so that all links pass the #urltoken# variable. The session management in CF requires either cookies or the #urltoken#. Good luck. - Sean ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Application.cfm, Session Management, and a lot less hair!
Are these people connecting though a proxy? What browsers and browser settings are they using? What did that error message say? Can we see your application.cfm file from the app.? What settings are in their ColdFusion Administrator (as far as variable storage ans application/session timeouts)? Anything "special" about their server's configuration? Is this on an http or https socket? These are the questions that immediately pop into my mind here. ~Simon > Simon Horwith > Allaire Certified Instructor > Certified ColdFusion Developer > Fig Leaf Software > 1400 16th St NW, # 220 > Washington DC 20036 > 202.797.6570 (direct line) > www.figleaf.com > -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 9:58 AM To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. It is the intermittent nature of this problem that is causing me the most trouble in trying to solve it. Please note that we have never had a problem from our development machines. If anyone has any input on this problem I would really appreciate hearing from you... Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Application.cfm, Session Management, and a lot less hair!
Are you locking the seesion variables?...a test would be to switch to client variables and see if you still hget the same problem. Incedentally. If you want to maintain sessions regardless of whether the user has session level cookies swithched on or off then I'll post a bit of code which you stick in your application.cfm that will solve this. -- Andrew Ewings Project Manager Thoughtbubble Ltd http://www.thoughtbubble.net -- United Kingdom http://www.thoughtbubble.co.uk/ Tel: +44 (0) 20 7387 8890 -- New Zealand http://www.thoughtbubble.co.nz/ Tel: +64 (0) 9 488 9131 -- The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). Any views or opinions presented are solely those of the author and do not necessarily represent those of Thoughtbubble. This information may be subject to legal, professional or other privilege and further distribution of it is strictly prohibited without our authority. If you are not the intended recipient, you are not authorised to disclose, copy, distribute, or retain this message. Please notify us on +44 (0)207 387 8890. -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: 16 February 2001 14:58 To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. It is the intermittent nature of this problem that is causing me the most trouble in trying to solve it. Please note that we have never had a problem from our development machines. If anyone has any input on this problem I would really appreciate hearing from you... Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists