RE: CFID, CFTOKEN contains invalid characters
To follow up on this, we've now figured out that all of the bad requests are coming from a single source, the WiseNut search engine crawler.So, we can work towards clearing up the problem but it would still be nice to know what, exactly, is happening here. Thanks. -- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 Email: [EMAIL PROTECTED] WWW: http://www.evoch.com/ -Original Message- From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 4:02 PM To: CF-Talk Subject: CFID, CFTOKEN contains invalid characters All: I'm working on a site that used to be hosted on a CF5 system.It was recently migrated over to a new host running on a CFMX system and now the CF logs are showing sporadic error messages like the following: Error,jrpp-3345,01/20/04,05:31:01,foo,CFID, CFTOKEN contains invalid characters.This exception is caused by either broken links, or security attacks.The invalid id is d583cf74ea9b3527-337A0D57-9D87-71FD- 2069F8FAF5AF2BD0/ The specific sequence of files included or processed is: E:\foo.com\webroot\index.cfm I've tried sticking the supplied invalid CFTOKEN into the URL on a CF5 box and it handles it without a problem (i.e., http://www.foo.com/index.cfm?CFID=6CFTOKEN=79f85dc35bd10ce1-273F1CD8-9F31-E 3A6-B82095AB1C2B166F/) but doing so on a CFMX box causes it to barf.Simply removing the trailing slash from the URL makes everything all better on CFMX. The only thing I could think of is that the CFID/CFTOKEN (which are stored as cookies) are holdovers from the previous site.Is it possible that the CFTOKEN mechanism changed from CF5 to CFMX so that it no longer supports foreslashes in the value? BTW, I've already checked the archives about this and the only thing I could find about it doesn't seem to apply here. TIA -- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 Email: [EMAIL PROTECTED] WWW: http://www.evoch.com/ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: CFID, CFTOKEN contains invalid characters
The only thing I could think of is that the CFID/CFTOKEN (which are stored as cookies) are holdovers from the previous site. Is it possible that the CFTOKEN mechanism changed from CF5 to CFMX so that it no longer supports foreslashes in the value? Yes, that's certainly possible. It shouldn't have supported them before, with GUID/UUID values for CFTOKEN, since that's not a valid character within a UUID. I'd recommend that you try stripping the character in cases where you get this error. You should probably be able to do this within an exception handling page or within your site-wide error handler, if not within the actual page with the error (probably Application.cfm?) Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: CFID, CFTOKEN contains invalid characters
Thanks Dave.I'll look into that. -- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 Email: [EMAIL PROTECTED] WWW: http://www.evoch.com/ -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 5:11 PM To: CF-Talk Subject: RE: CFID, CFTOKEN contains invalid characters The only thing I could think of is that the CFID/CFTOKEN (which are stored as cookies) are holdovers from the previous site. Is it possible that the CFTOKEN mechanism changed from CF5 to CFMX so that it no longer supports foreslashes in the value? Yes, that's certainly possible. It shouldn't have supported them before, with GUID/UUID values for CFTOKEN, since that's not a valid character within a UUID. I'd recommend that you try stripping the character in cases where you get this error. You should probably be able to do this within an exception handling page or within your site-wide error handler, if not within the actual page with the error (probably Application.cfm?) Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]