RE: cookies across servers
What I've got is a login information cookie, that is supposed to allow access to two different sites, under different domains, on different servers. Cookies cannot be shared across domains. You will need to pass that information another way. One fairly easy way to do that is to have the login process reference content in both domains. Each domain can then set the necessary cookie. You could do this with CFHTTP as long as your cookies aren't restricted by IP address. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304893 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Cookies Across Directories
You need to set a domain cookie for mysite.com. http://livedocs.adobe.com/coldfusion/7/htmldocs/0233.htm On 5/28/07, Joel Watson [EMAIL PROTECTED] wrote: I have a site where the user logged in state is managed through a cookie created from a remember me form. It seems to work fine. The one problem I have, though, is that the cookie is active or acted-upon only if the user is pointing to the http://www.mysite.com and not the http://mysite.com. Is there a way to get around this so that the users can be remembered on both? -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~| ColdFusion MX7 and Flex 2 Build sales marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279384 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Cookies Across Directories
Awesome--that worked. I had seen that in the docs before, but I was not particularly sure what it was referring to. Thanks for the clarification! You need to set a domain cookie for mysite.com. http://livedocs.adobe.com/coldfusion/7/htmldocs/0233.htm On 5/28/07, Joel Watson [EMAIL PROTECTED] wrote: I have a site where the user logged in state is managed through a cookie created from a remember me form. It seems to work fine. The one problem I have, though, is that the cookie is active or acted-upon only if the user is pointing to the http://www.mysite.com and not the http://mysite.com. Is there a way to get around this so that the users can be remembered on both? -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com. au/blog/ ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279385 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Cookies, Session Scope, and the AOL Browser
What does AOL do that would make a user unable to log in? Does it block all cookies? Do sessions just not work? Anyone with experience coding for AOL, please toss me a bone here! =) I don't specifically write a cookie, but this is the top of my application.cfc: Chris, AOL doesn't block cookies by default, so your sessions should work the same (unless you send the cfid and cftoken in every url, your session depends on the cookie to know which session to refer to). I keep a copy of AOL Explorer around for testing purposes. Something else must be going on there, but your Application.cfc code looks fine to me. -- Josh ~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275872 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Cookies, Session Scope, and the AOL Browser
I have seen where a single visit from an AOL person can come from different IP addresses. We use a load balancer with sticky sessions that sends the same IP to the same server (within a given time limit, and only if that server is up) so that they will get the same session state on each hit. When AOL users change IP the load balancer would sometimes send them to a different server and the session on that server would not show them as logged in... they end up with two sessions. (We don't use any kind of session replication.) FYI Mark -Original Message- From: Josh Nathanson [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 1:01 PM To: CF-Talk Subject: Re: Cookies, Session Scope, and the AOL Browser What does AOL do that would make a user unable to log in? Does it block all cookies? Do sessions just not work? Anyone with experience coding for AOL, please toss me a bone here! =) I don't specifically write a cookie, but this is the top of my application.cfc: Chris, AOL doesn't block cookies by default, so your sessions should work the same (unless you send the cfid and cftoken in every url, your session depends on the cookie to know which session to refer to). I keep a copy of AOL Explorer around for testing purposes. Something else must be going on there, but your Application.cfc code looks fine to me. -- Josh ~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275877 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies, Session Scope, and the AOL Browser
Mark, What did you do to handle this? We have the exact same scenario, 2 servers behind a Cisco CSS with sticky sessions based on IP. Chris -Original Message- From: Gaulin, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 1:56 PM To: CF-Talk Subject: RE: Cookies, Session Scope, and the AOL Browser I have seen where a single visit from an AOL person can come from different IP addresses. We use a load balancer with sticky sessions that sends the same IP to the same server (within a given time limit, and only if that server is up) so that they will get the same session state on each hit. When AOL users change IP the load balancer would sometimes send them to a different server and the session on that server would not show them as logged in... they end up with two sessions. (We don't use any kind of session replication.) FYI Mark -Original Message- From: Josh Nathanson [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 1:01 PM To: CF-Talk Subject: Re: Cookies, Session Scope, and the AOL Browser What does AOL do that would make a user unable to log in? Does it block all cookies? Do sessions just not work? Anyone with experience coding for AOL, please toss me a bone here! =) I don't specifically write a cookie, but this is the top of my application.cfc: Chris, AOL doesn't block cookies by default, so your sessions should work the same (unless you send the cfid and cftoken in every url, your session depends on the cookie to know which session to refer to). I keep a copy of AOL Explorer around for testing purposes. Something else must be going on there, but your Application.cfc code looks fine to me. -- Josh ~| Create Web Applications With ColdFusion MX7 Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275878 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Cookies, Session Scope, and the AOL Browser
The application can rely on cookies (to a point), but some load balancers can use cookies to manage sticky sessions. Basically, a user coming in from AOL may change IP addresses mid stream, but the load balancer will check the user's cookie and forward to the same session on the same server. This isn't always 100% effective, and most load balancers have ways of setting up precedence rules, whereby a) if cookie check fails then go by their IP, b) if the IP has changed then do x, c) etc., etc. Steve Cutter Blades Adobe Certified Professional Advanced Macromedia ColdFusion MX 7 Developer _ http://blog.cutterscrossing.com Peterson, Chris wrote: Mark, What did you do to handle this? We have the exact same scenario, 2 servers behind a Cisco CSS with sticky sessions based on IP. Chris -Original Message- From: Gaulin, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 1:56 PM To: CF-Talk Subject: RE: Cookies, Session Scope, and the AOL Browser I have seen where a single visit from an AOL person can come from different IP addresses. We use a load balancer with sticky sessions that sends the same IP to the same server (within a given time limit, and only if that server is up) so that they will get the same session state on each hit. When AOL users change IP the load balancer would sometimes send them to a different server and the session on that server would not show them as logged in... they end up with two sessions. (We don't use any kind of session replication.) FYI Mark -Original Message- From: Josh Nathanson [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 1:01 PM To: CF-Talk Subject: Re: Cookies, Session Scope, and the AOL Browser What does AOL do that would make a user unable to log in? Does it block all cookies? Do sessions just not work? Anyone with experience coding for AOL, please toss me a bone here! =) I don't specifically write a cookie, but this is the top of my application.cfc: Chris, AOL doesn't block cookies by default, so your sessions should work the same (unless you send the cfid and cftoken in every url, your session depends on the cookie to know which session to refer to). I keep a copy of AOL Explorer around for testing purposes. Something else must be going on there, but your Application.cfc code looks fine to me. -- Josh ~| ColdFusion MX7 and Flex 2 Build sales marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275879 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Cookies, Client Variables, CFID/CFTOKEN
Don't forget that CF looks up the directory tree for Application.cfm and will continue right up to the file system root (C:\ on Windows). On Apr 11, 2005 7:45 AM, Matthew Small [EMAIL PROTECTED] wrote: I'm trying to fix an application written in fusebox that uses client vars, cookies, and CFID/CFTOKEN cookies. What is happening is that if a client logs into the application and is successful, the code suggests that both a client variable and a cookie are written and this determines login (I have not yet found where that occurs). Here is a snippet of the login code: ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:202304 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Cookies vs Session Variables
Kaz, is this in regards to the conversation we had yesterday about company x choosing to use cookies over session vars because they think that session vars use too much memory? Let me start this conversation off with a quick question What If I disable cookies :-) Tell those networking guys to simmer down, no one is going to blow up a server with session variables or corrupt the PIX firewall...LOL Mike Is there any performance gain to only using cookie variables instead of using session variables?Is it worth the hassle? Are session variables really that much of a server hog? Just curious to what others think. Kevin [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies vs Session Variables
In the case of this argument, let's assume that cookies are enabled for everyone.So we can eliminate those statements.This is purely an issue of how much does it hurt performance. Kevin _ From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 1:48 PM To: CF-Talk Subject: RE: Cookies vs Session Variables Kaz, is this in regards to the conversation we had yesterday about company x choosing to use cookies over session vars because they think that session vars use too much memory? Let me start this conversation off with a quick question What If I disable cookies :-) Tell those networking guys to simmer down, no one is going to blow up a server with session variables or corrupt the PIX firewall...LOL Mike Is there any performance gain to only using cookie variables instead of using session variables?Is it worth the hassle? Are session variables really that much of a server hog? Just curious to what others think. Kevin _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies vs Session Variables
The fact is, if you have the hardware to support your needs (needs being something you figure out) then you are fine. What kind of proof do you need? In the case of this argument, let's assume that cookies are enabled for everyone.So we can eliminate those statements. This is purely an issue of how much does it hurt performance. Kevin [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Cookies vs Session Variables
Kevin, If your application requires a login and a password I'd strongly recomend going the session rather than the cookie route for the following reasons. 1) You can destroy sessions after someone ends a transaction. For example if someone walks away for a few moments, you can destory a session and thereby force someone to log in again. With persistant cookies, you do not have this option. 2) Michael had mentioned the fact that users can change their privacy/cookie settings. By using persistant cookies you force yourself into either checking for the existance of cookies every time or by using the request scope (and thereby moving the cookie value into RAM, defeating the purpose of using pure persistant cookies). I'd also like to point out that some places mandate no session or persistant cookies -- something session variables can handle if you move CFID and CFTOKEN into the URL. My experaince also tells me people purge cookies perodically... so this poor assumption. 3) Security. Sometimes, you might use a session variable to check against values in the database -- such as a customer profile. Going the cookie appraoch will force more stingent checks on your data than session varibles since the data comes from the client machine -- You will need to use the same QC techniques as you need for URL variables! The reasons I bring up these two points is that you will need to create additional code to compensate for the fact that persistant cookies are remote and can be manipulated by the client. Result-- More CFIFs, CFTRYs/CFCATCHs and so on. 4) Finally, Let's do a thought expairment to see what conventional wisdom tells us. For a sturcture containing user information a persistant cookie requires a connection with local file system and then CF needs to parse out the information contained in the structure. Every time you call the cookie, you need to run through the same series of steps. Using session variables, that information is in server RAM or in a nearby database --much closer to the center of action. What do you think would be faster-reading a file remotely or reading server RAM (or nearby database)? What does Flash do (since it is a fatter client side tehcnology -- see the Flex discussion from earlier this week for what others think)? Jeremy In the case of this argument, let's assume that cookies are enabled for everyone.So we can eliminate those statements.This is purely an issue of how much does it hurt performance. Kevin _ From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 1:48 PM To: CF-Talk Subject: RE: Cookies vs Session Variables Kaz, is this in regards to the conversation we had yesterday about company x choosing to use cookies over session vars because they think that session vars use too much memory? Let me start this conversation off with a quick question What If I disable cookies :-) Tell those networking guys to simmer down, no one is going to blow up a server with session variables or corrupt the PIX firewall...LOL Mike Is there any performance gain to only using cookie variables instead of using session variables?Is it worth the hassle? Are session variables really that much of a server hog? Just curious to what others think. Kevin _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies vs Session Variables
Just for the record, I am in favor in using session variables over strictly the use of cookie variables.I would think that the required parsing and logic to read and handle the cookies in your application would remove any benefit they would have over session variables hanging out in memory.I was just interested in a more technical argument to benefits/drawbacks of using strictly cookie variables over session variables and to see if anyone agreed with strictly the use cookie variables instead of session variables. Thanks for the post Jeremy. Kevin _ From: Jeremy Brodie [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 2:49 PM To: CF-Talk Subject: Re: Cookies vs Session Variables Kevin, If your application requires a login and a password I'd strongly recomend going the session rather than the cookie route for the following reasons. 1) You can destroy sessions after someone ends a transaction. For example if someone walks away for a few moments, you can destory a session and thereby force someone to log in again. With persistant cookies, you do not have this option. 2) Michael had mentioned the fact that users can change their privacy/cookie settings. By using persistant cookies you force yourself into either checking for the existance of cookies every time or by using the request scope (and thereby moving the cookie value into RAM, defeating the purpose of using pure persistant cookies). I'd also like to point out that some places mandate no session or persistant cookies -- something session variables can handle if you move CFID and CFTOKEN into the URL. My experaince also tells me people purge cookies perodically... so this poor assumption. 3) Security. Sometimes, you might use a session variable to check against values in the database -- such as a customer profile. Going the cookie appraoch will force more stingent checks on your data than session varibles since the data comes from the client machine -- You will need to use the same QC techniques as you need for URL variables! The reasons I bring up these two points is that you will need to create additional code to compensate for the fact that persistant cookies are remote and can be manipulated by the client. Result-- More CFIFs, CFTRYs/CFCATCHs and so on. 4) Finally, Let's do a thought expairment to see what conventional wisdom tells us. For a sturcture containing user information a persistant cookie requires a connection with local file system and then CF needs to parse out the information contained in the structure. Every time you call the cookie, you need to run through the same series of steps. Using session variables, that information is in server RAM or in a nearby database --much closer to the center of action. What do you think would be faster-reading a file remotely or reading server RAM (or nearby database)? What does Flash do (since it is a fatter client side tehcnology -- see the Flex discussion from earlier this week for what others think)? Jeremy In the case of this argument, let's assume that cookies are enabled for everyone.So we can eliminate those statements.This is purely an issue of how much does it hurt performance. Kevin _ From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 1:48 PM To: CF-Talk Subject: RE: Cookies vs Session Variables Kaz, is this in regards to the conversation we had yesterday about company x choosing to use cookies over session vars because they think that session vars use too much memory? Let me start this conversation off with a quick question What If I disable cookies :-) Tell those networking guys to simmer down, no one is going to blow up a server with session variables or corrupt the PIX firewall...LOL Mike Is there any performance gain to only using cookie variables instead of using session variables?Is it worth the hassle? Are session variables really that much of a server hog? Just curious to what others think. Kevin _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Cookies vs Session Variables
Jeremy Brodie wrote: [...] For a sturcture containing user information a persistant cookie requires a connection with local file system and then CF needs to parse out the information contained in the structure. Every time you call the cookie, you need to run through the same series of steps. Using session When browsing a web site, I'm sure modern browsers cache cookies for whatever site you're viewing so the hard drive is accessed as few times as possible. variables, that information is in server RAM or in a nearby database --much closer to the center of action. What do you think would be faster-reading a file remotely or reading server RAM (or nearby database)? When reading a cookie, you aren't reading a file remotely or even off the server's filesystem. With every request, any cookies are sent back to the web server where they came from. It's like a cgi variable (in fact, browse your cgi debugging info and you'll see cookies there). Cookie variables can be called from CF just as quickly as any variable. However, if you're saving variables in a nearby database, this WILL be slower, as CF has to run across the network to get it, or run through its own filesystem to pull it out of a 3rd party connection (jdbc, odbc, access files, sql servers, none as fast as a cookie variable on the page). Now as for the whole which is faster, It's hard to say. Cookies require additional bandwidth, which slows down the perception of a page, and they are limited to a handful of data per site. However, once they get to the site, the actual CFM page processing is quick, but Jeremy was right about needing more code to validate their values, and you have potential security risks. Session vars have different security risks, though at a higher level. For a server to access a session, it has to search through its memory structures to find the right session, then the right variable you're using. So which is faster? I don't really think it matters. But which is better? It depends on the job. -nathan strutz [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies vs Session Variables
Is there any performance gain to only using cookie variables instead of using session variables? No, I've never seen any performance issues with using session variables, generally. In fact, I would expect that they'd perform better than cookies, since those cookies would then have to be part of every HTTP request made by the browser, which would increase the amount of throughput required for the application. Is it worth the hassle? What hassle? Are session variables really that much of a server hog? This will depend on how much memory you have available. Sessions can use lots of memory, but that's what memory is for. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Cookies vs Session Variables
Nathan-- I agree here. When browsing a web site, I'm sure modern browsers cache cookies for whatever site you're viewing so the hard drive is accessed as few times as possible. variables, that information is in server RAM or in a nearby database --much closer to the center of action. What do you think would be faster-reading a file remotely or reading server RAM (or nearby database)? Nathan-- I'll also agree here too with you. The point I was making with the questions was to point out Cookies require additional bandwidth, which slows down the perception of a page, and they are limited to a handful of data per site. and needing more code to validate their values. Although each has its pros and cons, more time, effort, and thought has been place to maximize the performance and security of session variables, vs. the more home-grown appraoch when using pure cookies. Nathan wrote: So which is faster? I don't really think it matters. But which is better? It depends on the job. Kevin probally wants a code test-- however, I agree with you here -- persistant cookies *do* have their time and place. Jeremy Brodie wrote: [...] For a sturcture containing user information a persistant cookie requires a connection with local file system and then CF needs to parse out the information contained in the structure. Every time you call the cookie, you need to run through the same series of steps. Using session When browsing a web site, I'm sure modern browsers cache cookies for whatever site you're viewing so the hard drive is accessed as few times as possible. variables, that information is in server RAM or in a nearby database --much closer to the center of action. What do you think would be faster-reading a file remotely or reading server RAM (or nearby database)? When reading a cookie, you aren't reading a file remotely or even off the server's filesystem. With every request, any cookies are sent back to the web server where they came from. It's like a cgi variable (in fact, browse your cgi debugging info and you'll see cookies there). Cookie variables can be called from CF just as quickly as any variable. However, if you're saving variables in a nearby database, this WILL be slower, as CF has to run across the network to get it, or run through its own filesystem to pull it out of a 3rd party connection (jdbc, odbc, access files, sql servers, none as fast as a cookie variable on the page). Now as for the whole which is faster, It's hard to say. Cookies require additional bandwidth, which slows down the perception of a page, and they are limited to a handful of data per site. However, once they get to the site, the actual CFM page processing is quick, but Jeremy was right about needing more code to validate their values, and you have potential security risks. Session vars have different security risks, though at a higher level. For a server to access a session, it has to search through its memory structures to find the right session, then the right variable you're using. So which is faster? I don't really think it matters. But which is better? It depends on the job. -nathan strutz [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: cookies and images
I'm fairly certain it's not possible with cold fusion because cfcontent strips out all header info before sending the image file. An interesting explanation is here: http://www.webprofession.com/features/98-02/fea400.html where the author explains how it works and how it can be done using Pearl. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies...
Hi Dave: ASP application write in cookies variables without any trouble. And yes in ASP and CF u can write/read cookies as ASP: Response.Cookies.(User).nick=hassan CF MX CFCookie name=user.nick value=hassan Regards -- M.Sc. Hassan Arteaga Rodrguez. Microsoft Certified System Engineer. Grupo de Desarrollo. DIGI COPEXTEL, S.A [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies...
I have ASP.3 application that write in cookie variables in my PC some value ie: Response.Cookies(User).nick=hassan. When i try to read this cookie value from another app in another server and in my PC i can't read it , the value is empty. i try to read it simple as #cookie.User.nick# You won't be able to do that, because cookies don't contain structures. I forget exactly how cookies with multiple values are created when you use classic ASP, but you should just look at your HTTP request headers to see what the cookies look like. You'll then have to parse out the name-value pairs you want, if I recall correctly. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies
So for website1.domain.com cfcookie name=adminUser value=#form.username# domain=website1.domain.com And Website2.domain.com cfcookie name=adminUser value=#form.username# domain=website2.domain.com Would set them differently .. and if you where on website1 with that cookie set, and then tried to go to website2, the cookie would not be available correct? No, apparently I have it backwards. According to the local test I just ran, if you omit the DOMAIN attribute, the cookies are host-specific. If you want the cookies to be available to all hosts within domain.com, you'd set the DOMAIN attribute to .domain.com (note the leading period). Sorry for the misdirection. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cookies
If you set a cookie on website1.domain.com will that cookie be availble on website2.domain.com? The answer is, it depends. By default, cookies are domain-specific. That is, when a cookie is set, the browser will return it whenever it makes a request to any host within that domain. However, you can control this within the DOMAIN attribute of the CFCOOKIE tag. You can even limit the cookie so that it is only returned for requests for specific files or directories using the PATH attribute. However, if I recall correctly, when you use CF's Session or Client management, and you allow CF to set the CFID and CFTOKEN cookies, those cookies are host-specific by default. I could be wrong about this, though, but it's easy enough to test this by using a telnet client or the like to make a single request. I'm not sure about the behavior of the JSESSIONID cookie used with CFMX's J2EE session option, either. Or are they considered seperate domains? No, they're separate hosts within the same domain. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Cookies
So for website1.domain.com cfcookie name=adminUser value=#form.username# domain=website1.domain.com And Website2.domain.com cfcookie name=adminUser value=#form.username# domain=website2.domain.com Would set them differently .. and if you where on website1 with that cookie set, and then tried to go to website2, the cookie would not be available correct? Thanks Paul Giesenhagen QuillDesign - Original Message - From: Dave Watts To: CF-Talk Sent: Tuesday, September 30, 2003 11:52 PM Subject: RE: Cookies If you set a cookie on website1.domain.com will that cookie be availble on website2.domain.com? The answer is, it depends. By default, cookies are domain-specific. That is, when a cookie is set, the browser will return it whenever it makes a request to any host within that domain. However, you can control this within the DOMAIN attribute of the CFCOOKIE tag. You can even limit the cookie so that it is only returned for requests for specific files or directories using the PATH attribute. However, if I recall correctly, when you use CF's Session or Client management, and you allow CF to set the CFID and CFTOKEN cookies, those cookies are host-specific by default. I could be wrong about this, though, but it's easy enough to test this by using a telnet client or the like to make a single request. I'm not sure about the behavior of the JSESSIONID cookie used with CFMX's J2EE session option, either. Or are they considered seperate domains? No, they're separate hosts within the same domain. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Cookies
If you set a cookie on website1.domain.com will that cookie be availble on website2.domain.com?Or are they considered seperate domains? Thanks Paul Giesenhagen QuillDesign iirc this is what setdomaincookies is supposed to be fore in the cfapplication tag... I've had bad luck trying to use it personally... but there are supposed to be ways to create cookies that ignore the aname portion of the domain yea... hth s. isaac dealey 972-490-6624 team macromedia volunteerhttp://www.macromedia.com/go/team chief architect, tapestry cmshttp://products.turnkey.to onTap is open sourcehttp://www.turnkey.to/ontap [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: COOKIES
Because cookies are uniquely identified by the domain name. They aren't complicated, and don't look up or store the IP of what that domain name resolves to. And because of that, there's no way for a cookie to know that the content at address X is the same as that at address Y. It would certainly be possible for browsers to be accommodating and when they hit a domain and do a dns/ip lookup then they could look for a match for either name or address, but they don't have to and as you've seen you obviously can't count on it. -Kevin - Original Message - From: Steve Dworman [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:35 AM Subject: COOKIES i need some help understanding cookies. why would internet explorer set a cookie if i call the page using the ip address instead of the dns name? you can get to the main screen logging in both ways. however, if you try a menu item it acts like the cookie isn't there (which is true). this only seems to happen when i create new sites in IIS. i'm running windows 2000, iis, cfmx 6.1 tia Steven D Dworman Macromedia Certified Developer - Senior Information Technology Consultant Systems Administrator ComSpec International - http://www.comspecinternational.com http://www.comspecinternational.com/ phone: 248.647.8841 cell: 248.767.9925 - EMPOWER-XL ***Software for Higher Education*** http://www.empower-xl.com http://www.empower-xl.com/ ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: COOKIES
So are you saying I need to qualify the domain name when I set the cookie? -Original Message- From: Kevin Graeme [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 11:44 AM To: CF-Talk Subject: Re: COOKIES Because cookies are uniquely identified by the domain name. They aren't complicated, and don't look up or store the IP of what that domain name resolves to. And because of that, there's no way for a cookie to know that the content at address X is the same as that at address Y. It would certainly be possible for browsers to be accommodating and when they hit a domain and do a dns/ip lookup then they could look for a match for either name or address, but they don't have to and as you've seen you obviously can't count on it. -Kevin - Original Message - From: Steve Dworman [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:35 AM Subject: COOKIES i need some help understanding cookies. why would internet explorer set a cookie if i call the page using the ip address instead of the dns name? you can get to the main screen logging in both ways. however, if you try a menu item it acts like the cookie isn't there (which is true). this only seems to happen when i create new sites in IIS. i'm running windows 2000, iis, cfmx 6.1 tia Steven D Dworman Macromedia Certified Developer - Senior Information Technology Consultant Systems Administrator ComSpec International - http://www.comspecinternational.com http://www.comspecinternational.com/ phone: 248.647.8841 cell: 248.767.9925 - EMPOWER-XL ***Software for Higher Education*** http://www.empower-xl.com http://www.empower-xl.com/ ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
Re: COOKIES
Sorry, I should have said that they are uniquely identified by the server designation on the url. So if the url is a domain name, it's that, and if the url displays an IP, then it's the IP. Maybe that was clear to you from what I had said, but I wanted to make sure. -Kevin - Original Message - From: Kevin Graeme [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:44 AM Subject: Re: COOKIES Because cookies are uniquely identified by the domain name. They aren't complicated, and don't look up or store the IP of what that domain name resolves to. And because of that, there's no way for a cookie to know that the content at address X is the same as that at address Y. It would certainly be possible for browsers to be accommodating and when they hit a domain and do a dns/ip lookup then they could look for a match for either name or address, but they don't have to and as you've seen you obviously can't count on it. -Kevin - Original Message - From: Steve Dworman [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:35 AM Subject: COOKIES i need some help understanding cookies. why would internet explorer set a cookie if i call the page using the ip address instead of the dns name? you can get to the main screen logging in both ways. however, if you try a menu item it acts like the cookie isn't there (which is true). this only seems to happen when i create new sites in IIS. i'm running windows 2000, iis, cfmx 6.1 tia Steven D Dworman Macromedia Certified Developer - Senior Information Technology Consultant Systems Administrator ComSpec International - http://www.comspecinternational.com http://www.comspecinternational.com/ phone: 248.647.8841 cell: 248.767.9925 - EMPOWER-XL ***Software for Higher Education*** http://www.empower-xl.com http://www.empower-xl.com/ ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: Cookies set but my site doesnt generate cookies!
Have you tried: cfdump var=#cookie# I'm pretty sure this will only show the cookies that cf or javascript sets from your site (this should at least confirm that you are not setting any cookies). I don't think you can delete some other sites cookies. I would think they are specific to the domain they came from and can only be modified there, but I don't know that for sure, never tried. Mark -Original Message- From: Rafael Bleiweiss [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 4:56 AM To: CF-Talk Subject: Cookies set but my site doesnt generate cookies! I've got a new site I'm building using CF and all pages are .cfm (CF 5, Win2k, IIS) And in my new Netscape 7.1 browser it lets me see what cookies are set on a site. Well, oddly I went to one of the text mock-up templates on my site and Netscape claims this site set a cookie, yet I don't set any on this site! It's obviously wrong - the cookie label appears to have come from the previous site I was on! Is there a way for me to test the state of cookies that come this way and clear them out in my Application.cfm file? I do NOT want a browser thinking a cookie is related to my site when it is not! ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies
I'm using cookies to allow session variables with CF5, and I'm running into lots of people who have them disabled - IE6, for instance, appears to disable them by default. Would I be better off using URLToken, or is there a way to make cookies work on most systems? IE talks about a compact privacy policy, I notice. Your best bet is to build a Privacy Policy for your website While in IE6, click on View, Privacy Report, then Learn more about privacy... That will give you some information about how IE6 is treating cookies Here's some links on why and how the P3P privacy policy came about http://www.w3.org/TR/P3P/ http://www.w3.org/P3P/implementations http://www.p3pdeveloper.com Hope this helps ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies
At 03:09 PM 07/08/03 +0100, Philip Arnold wrote: Your best bet is to build a Privacy Policy for your website I'll look into this. I was thinkiing I would be better off scrapping cookies and using URL variables to track the CFID and CFToken data. T Tired of your bookmarks/favourites being limited to one computer? Move them to the Net! www.stuffbythane.com/webfavourites makes it easy to keep all your favourites in one place and access them from any computer that's attached to the Internet. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies
Fairly briskly and correct me if I am wrong Building a Privacy Policy still aint going to help you if the user has cookies turned off, no web server cookie will be set so the web server won't remember you for the next Request (assuming no developer intervention) No Cookies, No Web Server Sessions, No maintaining of state between request without developer intervention. - Unless you append the CFID and CFTOKEN (or J2EE SessionID) to the end of every URL - Or you could make sure everything was a form and maintaining state through hidden form variables - You could also use the CLIENT scope and store then variables in a database effectively using it as a SESSION store (if complex var, need to serialize them using WDDX, I know not much else about this and the knowledge has been gleaned from the posts to this here very list) - If the right CFMX version could use J2EE stuff to maintain state as well but again don't know anything about that. - There are probably a few other methods but they are the main one s I can think of right now In short, I use Session variables cause they are easy. This may be a cop out but try working to my deadlines, aint got time to roll your own solutions all the time and more often than not I am modifying somebody else's application so pretty stuck with what you got I always just make sure that logging in or anything at least has a check for cookies and let's the user know if they haven't got them on, then they can't have the functionality of the site. Most of my apps can do this and I do realise that not all can get away with this but I seldom come across a project that does not let me utilise SESSION variables... they used to say it was evil and that you shouldn't use them, but most other methods or maintaining state between pages just end up being so fucking clunky it just aint worth it for me... Why can't you use Session variables by forcing the user to have cookies turned on? A good privacy policy (textual) will inform the user that cookies are only used to maintain state and their eyes will just glaze over anyway and they will automatically follow your instructions to turn on cookies and be able to fully use your site. in the same context, the user will also be able to faultlessly navigate your application and not ask stupid questions. They would also be able to read your instructions on screen and realise that if they do not follow them, they will not be able to carry out the task that they want to do. :-) I'm using cookies to allow session variables with CF5, and I'm running into lots of people who have them disabled - IE6, for instance, appears to disable them by default. Would I be better off using URLToken, or is there a way to make cookies work on most systems? IE talks about a compact privacy policy, I notice. Your best bet is to build a Privacy Policy for your website While in IE6, click on View, Privacy Report, then Learn more about privacy... That will give you some information about how IE6 is treating cookies Here's some links on why and how the P3P privacy policy came about http://www.w3.org/TR/P3P/ http://www.w3.org/P3P/implementations http://www.p3pdeveloper.com ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies
Fairly briskly and correct me if I am wrong Building a Privacy Policy still aint going to help you if the user has cookies turned off, no web server cookie will be set so the web server won't remember you for the next Request (assuming no developer intervention) No Cookies, No Web Server Sessions, No maintaining of state between request without developer intervention. True, but since most people wouldn't know HOW to turn off cookies, then you can expect that a large portion of the population will still have them enabled IE6 naturally tries to block cookies that it doesn't like, so building a Privacy Policy gets around that Temporary cookies should always be there, as there's nothing stored - as soon as you close the browser, then it's gone... ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies
What if your system is governed by a domain and an IE which has all that all ready turned off etc? In a nutshell - not cookies, no go. -Original Message- From: Philip Arnold [mailto:[EMAIL PROTECTED] Sent: 08 July 2003 16:03 To: CF-Talk Subject: RE: Cookies Fairly briskly and correct me if I am wrong Building a Privacy Policy still aint going to help you if the user has cookies turned off, no web server cookie will be set so the web server won't remember you for the next Request (assuming no developer intervention) No Cookies, No Web Server Sessions, No maintaining of state between request without developer intervention. True, but since most people wouldn't know HOW to turn off cookies, then you can expect that a large portion of the population will still have them enabled IE6 naturally tries to block cookies that it doesn't like, so building a Privacy Policy gets around that Temporary cookies should always be there, as there's nothing stored - as soon as you close the browser, then it's gone... ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies
What if your system is governed by a domain and an IE which has all that all ready turned off etc? In a nutshell - not cookies, no go. Not in anything I have came across... which is why I sez 'Most of my apps can do this and I do realise that not all can get away...' IE6 naturally tries to block cookies that it doesn't like, so building a Privacy Policy gets around that Depends your setting, I generally browse with 'Block All Cookies' Therefore the browser doesn't accept cookies and will not even if it has the most blindin' privacy policy on the planet. The Temporary cookies are only there for the page request and then their gone, not for the browser session as far as I know Building the Privacy policy will only help you if they have a setting below Block All Cookies... which leads me on to my next rant... Plus, how easy is it to cheat this anyway, I spent four days in total (around 24 hours work down the tweaking a Privacy Policy for a site that was being displayed in another site's frameset (ie ecommerce portal) I made it as true as I could to the company's actual practised privacy policy and use of info on the site. Would IE accept the cookie? No it fugging would not g (and yes it was validated against the W3C Validator) Cos I was then termed the third party site, it blocked all cookies, I would get it to work, it would work for a week, then with no changes to the actual site, it would suddenly stop working, no cookies were getting set again and back to square one, no session state, no shopping by any visitors What did I do? I added a response header into every page with a simple compact privacy policy that reflected the very basic allowed by the IBM P3P editor and voila, been working for the last 6 months or so I was being paid for the site and not the time and it was just eating up my time and actually ended up negating pretty much all I got for the site in particular :-( The P3P is a lot of crap. I don't trust it when I am browsing, do you? What chance is it if they can't turn on/off there cookies, how are they going to know much about the Privacy controls anyway Fairly briskly and correct me if I am wrong Building a Privacy Policy still aint going to help you if the user has cookies turned off, no web server cookie will be set so the web server won't remember you for the next Request (assuming no developer intervention) No Cookies, No Web Server Sessions, No maintaining of state between request without developer intervention. True, but since most people wouldn't know HOW to turn off cookies, then you can expect that a large portion of the population will still have them enabled IE6 naturally tries to block cookies that it doesn't like, so building a Privacy Policy gets around that Temporary cookies should always be there, as there's nothing stored - as soon as you close the browser, then it's gone... ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Cookies and browser launch methods
My understanding of IE is that if you open a new window using CTRL+N, you are opening a new tread of the same IEXPLORE.EXE process, thus the cookies are shared between threads. If you open a new window using the desktop icons, you are launching a new IEXPLORE.EXE process, which does not share memory with the first process, so it maintains its own cookies in memory. -Justin Scott - Original Message - From: Bryan Stevenson [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 5:52 PM Subject: Cookies and browser launch methods Hey All, I've just bumped into a situation I haven't seen before and am wondering if anyone can explain why this happens. The Situation: A site that uses a sessions table in the DB and stores the session ID in a non-persistent cookie once the user logs in. The site is colour coded based on the user's group. If I open a browser and login as a user of group A and then use CTRL+N to launch a new window and login as a user of group B, the second login logs me in as the first user. Now that's not odd, because the cookie's name is the same no matter what user group, so what happens when I log in as the second user is the security routine is bypassed (because the cookie already exists from the first user login) and the app continues as if the first user was logged in. Now for the weirdness. If I do the same as above EXCEPT I don't use CTRL+N to open a new windowI use the IE icon in my taskbar. When I do that and log in, I do get logged in as a user of group B (different colour scheme shows). So what is the difference where cookies are concerned when launching a new window via CTRL+N or from the taskbar? Clearly there is some sort of seperation when launching from the taskbar, so if anyone can explain it (and provide a solution) that would be great. I could of course have different cookie names for different user groups (which I may do anyway), but I'd really like to understand what's going on. BTW this has happened in IE 5.5 and 6 TIA Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies and browser launch methods
Bryan, The tricky detail in your scenario is the non-persistent cookie. (See note at bottom for details on persistant/non persist cookies) Now, when you launch a New browser via CTRL+N, it gets a copy of ALL the vars in memory at that time from the original (including your non persistant cookie). However, when you launch a new browser via the link, it will open up a new instance in it's own memory space and thus does not have the cookie existing. The reason for the 'Taskbar' 2nd browser not running in the same memory space as the first two is probably due to the little tick box on the shortcut which says 'Run in seperate memory space'. (Win2k, if it's not Win2k .. then ask Microsoft :-) If we wanted a web application to be able to have mulitple logins from the same workstation, I would use a seperate cookie name. side note As you know, when the cookie is persistent, it is stored on disk, for all and any instances of that browser to see. So if you closed a browser (and the cookie didn't expire, and the session didn't expire) and opened a new browser within the session/cookie timeframe, then you will of course get the existing session. /side note hope that helps, I may be off is some places (all ?) but from what i can tell and my experience this fits the bill. cheers Ramon Buckland -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Thursday, 3 April 2003 8:53 AM To: CF-Talk Subject: Cookies and browser launch methods Hey All, I've just bumped into a situation I haven't seen before and am wondering if anyone can explain why this happens. The Situation: A site that uses a sessions table in the DB and stores the session ID in a non-persistent cookie once the user logs in. The site is colour coded based on the user's group. If I open a browser and login as a user of group A and then use CTRL+N to launch a new window and login as a user of group B, the second login logs me in as the first user. Now that's not odd, because the cookie's name is the same no matter what user group, so what happens when I log in as the second user is the security routine is bypassed (because the cookie already exists from the first user login) and the app continues as if the first user was logged in. Now for the weirdness. If I do the same as above EXCEPT I don't use CTRL+N to open a new windowI use the IE icon in my taskbar. When I do that and log in, I do get logged in as a user of group B (different colour scheme shows). So what is the difference where cookies are concerned when launching a new window via CTRL+N or from the taskbar? Clearly there is some sort of seperation when launching from the taskbar, so if anyone can explain it (and provide a solution) that would be great. I could of course have different cookie names for different user groups (which I may do anyway), but I'd really like to understand what's going on. BTW this has happened in IE 5.5 and 6 TIA Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Cookies and browser launch methods
Thanks Justin and Ramon, I figured it was something along these lines. It's good to know about that little checkbox for memory space ;-) This app doesn't timeout, and there could be sessin hijacking with persistent cookies...so I just take away the possibility ;-) Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Buckland, Ramon [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 3:55 PM Subject: RE: Cookies and browser launch methods Bryan, The tricky detail in your scenario is the non-persistent cookie. (See note at bottom for details on persistant/non persist cookies) Now, when you launch a New browser via CTRL+N, it gets a copy of ALL the vars in memory at that time from the original (including your non persistant cookie). However, when you launch a new browser via the link, it will open up a new instance in it's own memory space and thus does not have the cookie existing. The reason for the 'Taskbar' 2nd browser not running in the same memory space as the first two is probably due to the little tick box on the shortcut which says 'Run in seperate memory space'. (Win2k, if it's not Win2k .. then ask Microsoft :-) If we wanted a web application to be able to have mulitple logins from the same workstation, I would use a seperate cookie name. side note As you know, when the cookie is persistent, it is stored on disk, for all and any instances of that browser to see. So if you closed a browser (and the cookie didn't expire, and the session didn't expire) and opened a new browser within the session/cookie timeframe, then you will of course get the existing session. /side note hope that helps, I may be off is some places (all ?) but from what i can tell and my experience this fits the bill. cheers Ramon Buckland -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Thursday, 3 April 2003 8:53 AM To: CF-Talk Subject: Cookies and browser launch methods Hey All, I've just bumped into a situation I haven't seen before and am wondering if anyone can explain why this happens. The Situation: A site that uses a sessions table in the DB and stores the session ID in a non-persistent cookie once the user logs in. The site is colour coded based on the user's group. If I open a browser and login as a user of group A and then use CTRL+N to launch a new window and login as a user of group B, the second login logs me in as the first user. Now that's not odd, because the cookie's name is the same no matter what user group, so what happens when I log in as the second user is the security routine is bypassed (because the cookie already exists from the first user login) and the app continues as if the first user was logged in. Now for the weirdness. If I do the same as above EXCEPT I don't use CTRL+N to open a new windowI use the IE icon in my taskbar. When I do that and log in, I do get logged in as a user of group B (different colour scheme shows). So what is the difference where cookies are concerned when launching a new window via CTRL+N or from the taskbar? Clearly there is some sort of seperation when launching from the taskbar, so if anyone can explain it (and provide a solution) that would be great. I could of course have different cookie names for different user groups (which I may do anyway), but I'd really like to understand what's going on. BTW this has happened in IE 5.5 and 6 TIA Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: cookies and base64
tostring() -- Ben Doom Programmer General Lackey Moonbow Software, Inc : -Original Message- : From: admin [mailto:[EMAIL PROTECTED] : Sent: Thursday, March 20, 2003 2:46 PM : To: CF-Talk : Subject: cookies and base64 : : : I need to read a cookie that is written by a php application and : encoded base64 - any suggestions ? : : TIA : : Richard : : ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: cookies and base64
great ! thanks Ben - Original Message - From: Ben Doom [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:53 AM Subject: RE: cookies and base64 tostring() -- Ben Doom Programmer General Lackey Moonbow Software, Inc : -Original Message- : From: admin [mailto:[EMAIL PROTECTED] : Sent: Thursday, March 20, 2003 2:46 PM : To: CF-Talk : Subject: cookies and base64 : : : I need to read a cookie that is written by a php application and : encoded base64 - any suggestions ? : : TIA : : Richard : : ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies vs ClientVariables(as cookies)
Cookies would probably do what you want ... setting it after the first time they log in. But you'll want to have a way for admins to log in when they don't have a cookie (from a different machine, after deleting their cookies for some reason, getting a new computer, etc.) H. -Original Message- From: E. Keith Dodd [SMTP:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 5:52 AM To: CF-Talk Subject: Cookies vs ClientVariables(as cookies) (Sent this Tuesday, but it never showed up on the list) Want to be able to recognize a few users as site *administrators*, giving them option to logon (creating session variables, user structure, etc.) if they want when come to their site. Or choose not to logon, staying out of administrative mode. Since this would just involve recognizing them as potential administrator, seems like a regular cookie might make more sense than client variables (stored as cookies), which I've used in the past for this function. Would just be testing whether the cookie exists or not. Would appreciate any comments on whether the cookie makes most sense in this situation. (I may not be quite understanding the difference, too!) Thanks! E. Keith Dodd Wings of Eagles Services www.wingserv.com - [This E-mail scanned for viruses by declude AntiVirus Software] ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Cookies vs ClientVariables(as cookies)
Thanks, Howard, that seemed to make sense. Yes, I have a non-cookie way to log in, with the cookie set only if the browser will be used on regular basis for administration. One question: If I set expire attribute (in cfcookie) to something like 30 (I assume that is days), do I need to reset the cookie each time they logon, or does the cookie take care of updating itself each time person revisits site, extending the 30 days from current date? Keith - Original Message - From: Owens, Howard [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 1:13 PM Subject: RE: Cookies vs ClientVariables(as cookies) Cookies would probably do what you want ... setting it after the first time they log in. But you'll want to have a way for admins to log in when they don't have a cookie (from a different machine, after deleting their cookies for some reason, getting a new computer, etc.) H. - [This E-mail scanned for viruses by declude AntiVirus Software] ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies vs ClientVariables(as cookies)
Keith: That's a question really about what sort of rules you want to enforce. You can reset it every time they log in, or not. I would say reset it. Here's what the docs say about exspires: Optional. Schedules the expiration of a cookie variable. Can be specified as a date (as in, 10/09/97), number of days (as in, 10, 100), Now, or Never. Using Now effectively deletes the cookie from the client browser. H. -Original Message- From: E. Keith Dodd [SMTP:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 10:58 AM To: CF-Talk Subject: Re: Cookies vs ClientVariables(as cookies) Thanks, Howard, that seemed to make sense. Yes, I have a non-cookie way to log in, with the cookie set only if the browser will be used on regular basis for administration. One question: If I set expire attribute (in cfcookie) to something like 30 (I assume that is days), do I need to reset the cookie each time they logon, or does the cookie take care of updating itself each time person revisits site, extending the 30 days from current date? Keith - Original Message - From: Owens, Howard [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 1:13 PM Subject: RE: Cookies vs ClientVariables(as cookies) Cookies would probably do what you want ... setting it after the first time they log in. But you'll want to have a way for admins to log in when they don't have a cookie (from a different machine, after deleting their cookies for some reason, getting a new computer, etc.) H. - [This E-mail scanned for viruses by declude AntiVirus Software] ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies allowed
How do I check if cookies are allowed on a machine if thats even possible? You can't really do that directly, usually. Typically, you set a cookie on one page, and if it's available in the next page, then you know that cookies are allowed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Cookies allowed
Parker, Kevin wrote: How do I check if cookies are allowed on a machine if thats even possible? Set a cookie on one page, and then check if it exists on the next Jesse ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies allowed
Is it appropriate to set it in application.cfm ** Kevin Parker Web Services Manager WorkCover Corporation [EMAIL PROTECTED] www.workcover.com p: 08 82332548 f: 08 82332000 m: 0418 806 166 ** -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 January 2003 10:41 AM To: CF-Talk Subject: RE: Cookies allowed How do I check if cookies are allowed on a machine if thats even possible? You can't really do that directly, usually. Typically, you set a cookie on one page, and if it's available in the next page, then you know that cookies are allowed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Cookies allowed
Parker, Kevin wrote: Is it appropriate to set it in application.cfm It is not possible to check it on one page if you include it in the application. You can however put the check for the cookie in the application. This is because the application gets included in the called template all the way at the top, and it does not generate another request that gets sent to the client (hence no cookies get set until the application *and* the template have fully executed). Jesse ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies allowed
Dave, I think if its CFMX and J2ee session.. this can be done automatically with that function(UrlJSessionID()) or some like that. Joe -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 7:11 PM To: CF-Talk Subject: RE: Cookies allowed How do I check if cookies are allowed on a machine if thats even possible? You can't really do that directly, usually. Typically, you set a cookie on one page, and if it's available in the next page, then you know that cookies are allowed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cookies allowed
I think if its CFMX and J2ee session.. this can be done automatically with that function(UrlJSessionID()) or some like that. It doesn't matter whether you're using J2EE sessions, or CFMX, or .NET, or anything else - the only way to guarantee the existence of a cookie, within server-side code, is to set the cookie on one page and test for its existence on subsequent pages. You can, however, use URL variables instead of cookies for state management, and CFMX provides some tools to help that, such as the URLSessionFormat function or the ADDTOKEN attribute of CFLOCATION. The URLSessionFormat function will append the session identifying tokens if they're not passed to the page via cookies, I think. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Cookies allowed
How do I check if cookies are allowed on a machine if thats even possible? cfif isdefined(cookie.tmtCookieTest) cflocation url=yescookie.htm addtoken=No cfelseif not isdefined(url.tmtCookieSend) !--- First time the user visit the page, set the cookie --- cfcookie name=tmtCookieTest value=Accepts cookies !--- The cookie was send, redirect and set the tmtCookieSend flag as an url variable --- cfheader name=Refresh value=0; URL=#cgi.script_name#?tmtCookieSend=1 cfelseif isdefined(url.tmtCookieSend) !--- We tried sending the cookie, no way, cookies are disabled, get out of here --- cflocation url=nocookie.htm addtoken=No /cfif Massimo Foti Team Macromedia Volunteer for Dreamweaver http://www.macromedia.com/go/team ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: cookies / WDDX
complex data cannot be stored in a cookie. the best way to handle itclient variables, that are stored in a db or in the registry. I think you can store in the registry like you store in a db. either way, I solved the same problem you have by using a structure full of vars that are stored in session variables while the user is active, and in client variables, while the user is gone. ..tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Gyrus [mailto:gyrus;rooted.freeuk.com] Sent: Friday, November 15, 2002 3:57 PM To: CF-Talk Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
Re: cookies / WDDX
I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
RE: cookies / WDDX
bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? ..tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Re: cookies / WDDX
6) set a cookie with the value of the WDDX packet using CFCOOKIE I'm worried about cookie limitations. I'm having to replicate another form, which seems quite large (well, 22 smallish parts). Also, there's a system for attaching text reminders to each part, plus info to store on whether each part is completed or not. This is for one form - there'll be at least one more in the near future. How much can cookies handle?! I would plump for a datasource or session/client variables, but you know how it is, I've not been provided with information as to the set-up on the destination site (the bit I'm doing is a small part of a large site), and I'm finding it really difficult to contact any with info! Groan. Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
Re: cookies / WDDX
Ah yes Tony...but a WDDX packet containing a query object is just a string ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Tony Weeg [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:08 PM Subject: RE: cookies / WDDX complex data cannot be stored in a cookie. the best way to handle itclient variables, that are stored in a db or in the registry. I think you can store in the registry like you store in a db. either way, I solved the same problem you have by using a structure full of vars that are stored in session variables while the user is active, and in client variables, while the user is gone. ..tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Gyrus [mailto:gyrus;rooted.freeuk.com] Sent: Friday, November 15, 2002 3:57 PM To: CF-Talk Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
RE: cookies / WDDX
cookie files have a limit of around 4K. No you can't put a complex var in a cookie (it's just a text file - you can only write a string to a text file) and yes, WDDX is just a string. Due to it's verbosity, if you're running CFMX I definitely recommend creating an XML packet and storing that in the cookie - not a WDDX packet. You're going to find that WDDX packets will become real big real fast and then you can't stuff them into cookies. Just a heads-up for you... have a good weekend ~Simon Simon Horwith Macromedia Certified Instructor Certified Advanced ColdFusion MX Developer Fig Leaf Software 1400 16th St NW, # 220 Washington DC 20036 202.797.6570 (direct line) www.figleaf.com -Original Message- From: Tony Weeg [mailto:tony;navtrak.net] Sent: Friday, 15 November, 2002 4:30 PM To: CF-Talk Subject: RE: cookies / WDDX bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? .tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
Re: cookies / WDDX
Actually Tony it works like a dream and allows me to avoid using SESSION vars keeping the system 100% scalable to a clustered environment if required. ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Tony Weeg [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:29 PM Subject: RE: cookies / WDDX bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? ..tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Re: cookies / WDDX
Yes you do have to watch the upper cookie limits, but for what I'm doing (maintaining a 15 or so field reg form and the contents of a small shopping cart), it works great. You could have 1 cookie for each part of the form. Unless your forms are HUGE, I don't see a problem. Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:34 PM Subject: Re: cookies / WDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE I'm worried about cookie limitations. I'm having to replicate another form, which seems quite large (well, 22 smallish parts). Also, there's a system for attaching text reminders to each part, plus info to store on whether each part is completed or not. This is for one form - there'll be at least one more in the near future. How much can cookies handle?! I would plump for a datasource or session/client variables, but you know how it is, I've not been provided with information as to the set-up on the destination site (the bit I'm doing is a small part of a large site), and I'm finding it really difficult to contact any with info! Groan. Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
Re: cookies / WDDX
Still on CF 5, but ya..if in CFMX I'd use XML for sure...thanks for the heads up Simon Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Simon Horwith [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:50 PM Subject: RE: cookies / WDDX cookie files have a limit of around 4K. No you can't put a complex var in a cookie (it's just a text file - you can only write a string to a text file) and yes, WDDX is just a string. Due to it's verbosity, if you're running CFMX I definitely recommend creating an XML packet and storing that in the cookie - not a WDDX packet. You're going to find that WDDX packets will become real big real fast and then you can't stuff them into cookies. Just a heads-up for you... have a good weekend ~Simon Simon Horwith Macromedia Certified Instructor Certified Advanced ColdFusion MX Developer Fig Leaf Software 1400 16th St NW, # 220 Washington DC 20036 202.797.6570 (direct line) www.figleaf.com -Original Message- From: Tony Weeg [mailto:tony;navtrak.net] Sent: Friday, 15 November, 2002 4:30 PM To: CF-Talk Subject: RE: cookies / WDDX bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? .tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
RE: cookies / WDDX
How are you going to test byte length before adding it to the cookie? Come on, every way you cut it a cookie solutions is a bad idea. One character too many and the cookie is corrupted. Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Simon Horwith [mailto:shorwith;figleaf.com] Sent: Friday, November 15, 2002 4:51 PM To: CF-Talk Subject: RE: cookies / WDDX cookie files have a limit of around 4K. No you can't put a complex var in a cookie (it's just a text file - you can only write a string to a text file) and yes, WDDX is just a string. Due to it's verbosity, if you're running CFMX I definitely recommend creating an XML packet and storing that in the cookie - not a WDDX packet. You're going to find that WDDX packets will become real big real fast and then you can't stuff them into cookies. Just a heads-up for you... have a good weekend ~Simon Simon Horwith Macromedia Certified Instructor Certified Advanced ColdFusion MX Developer Fig Leaf Software 1400 16th St NW, # 220 Washington DC 20036 202.797.6570 (direct line) www.figleaf.com -Original Message- From: Tony Weeg [mailto:tony;navtrak.net] Sent: Friday, 15 November, 2002 4:30 PM To: CF-Talk Subject: RE: cookies / WDDX bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
RE: cookies / WDDX
Gyrus, Don't put it in a cookie. If you corrupt a user's cookie, they will hate you forever. Every time they come back, the server will see it exists, but it won't be able to get any data out of it. Which really sucks. You really don't want to have to post detailed instructions on how to delete a cookie either. The database CLIENT/SESSION variables are the best way to do it. However, if you are coding blind, maybe you can just create some temporary XML files, and store them on the server. It's not going to be as responsive as the database, but it shouldn't be too bad. Good luck. Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Gyrus [mailto:gyrus;rooted.freeuk.com] Sent: Friday, November 15, 2002 4:34 PM To: CF-Talk Subject: Re: cookies / WDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE I'm worried about cookie limitations. I'm having to replicate another form, which seems quite large (well, 22 smallish parts). Also, there's a system for attaching text reminders to each part, plus info to store on whether each part is completed or not. This is for one form - there'll be at least one more in the near future. How much can cookies handle?! I would plump for a datasource or session/client variables, but you know how it is, I've not been provided with information as to the set-up on the destination site (the bit I'm doing is a small part of a large site), and I'm finding it really difficult to contact any with info! Groan. Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
Re: cookies / WDDX
Yes but my upper limits are well below the cookie upper limits ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Adrocknaphobia Jones [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:58 PM Subject: RE: cookies / WDDX How are you going to test byte length before adding it to the cookie? Come on, every way you cut it a cookie solutions is a bad idea. One character too many and the cookie is corrupted. Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Simon Horwith [mailto:shorwith;figleaf.com] Sent: Friday, November 15, 2002 4:51 PM To: CF-Talk Subject: RE: cookies / WDDX cookie files have a limit of around 4K. No you can't put a complex var in a cookie (it's just a text file - you can only write a string to a text file) and yes, WDDX is just a string. Due to it's verbosity, if you're running CFMX I definitely recommend creating an XML packet and storing that in the cookie - not a WDDX packet. You're going to find that WDDX packets will become real big real fast and then you can't stuff them into cookies. Just a heads-up for you... have a good weekend ~Simon Simon Horwith Macromedia Certified Instructor Certified Advanced ColdFusion MX Developer Fig Leaf Software 1400 16th St NW, # 220 Washington DC 20036 202.797.6570 (direct line) www.figleaf.com -Original Message- From: Tony Weeg [mailto:tony;navtrak.net] Sent: Friday, 15 November, 2002 4:30 PM To: CF-Talk Subject: RE: cookies / WDDX bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method
Re: cookies / WDDX
The database CLIENT/SESSION variables are the best way to do it. However, if you are coding blind, maybe you can just create some temporary XML files, and store them on the server. It's not going to be as responsive as the database, but it shouldn't be too bad. Ah, but I don't know if CFFILE is running... Or what version of CF it is! So much for me swearing a while ago that I'd never start a job again without this sort of info and a signed-off scope doc :-| But this is a sub-contract for someone I know, and he knows his stuff. Well, maybe not as well as I thought... Many thanks for the advice - thoughts still welcome, but it does look like I'm in quandary with this one. I'll just plough ahead with all the HTML I can do until I can get word on this from the horse's mouth. Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
Re: cookies / WDDX
I didn't mention this, but it's a non-persistent cookie and is gone when the browser is closed. So no need to worry about corrupting a cookie and it still being there next time the user logs in ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Adrocknaphobia Jones [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:58 PM Subject: RE: cookies / WDDX Gyrus, Don't put it in a cookie. If you corrupt a user's cookie, they will hate you forever. Every time they come back, the server will see it exists, but it won't be able to get any data out of it. Which really sucks. You really don't want to have to post detailed instructions on how to delete a cookie either. The database CLIENT/SESSION variables are the best way to do it. However, if you are coding blind, maybe you can just create some temporary XML files, and store them on the server. It's not going to be as responsive as the database, but it shouldn't be too bad. Good luck. Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Gyrus [mailto:gyrus;rooted.freeuk.com] Sent: Friday, November 15, 2002 4:34 PM To: CF-Talk Subject: Re: cookies / WDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE I'm worried about cookie limitations. I'm having to replicate another form, which seems quite large (well, 22 smallish parts). Also, there's a system for attaching text reminders to each part, plus info to store on whether each part is completed or not. This is for one form - there'll be at least one more in the near future. How much can cookies handle?! I would plump for a datasource or session/client variables, but you know how it is, I've not been provided with information as to the set-up on the destination site (the bit I'm doing is a small part of a large site), and I'm finding it really difficult to contact any with info! Groan. Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
RE: cookies / WDDX
:) cool. i hate it when i think i am giving the right answer to someone and really im not, and well...anyway, its friday night !!! off to the pub. tw -Original Message- From: Bryan Stevenson [mailto:bryan;electricedgesystems.com] Sent: Friday, November 15, 2002 4:53 PM To: CF-Talk Subject: Re: cookies / WDDX Ah yes Tony...but a WDDX packet containing a query object is just a string ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Tony Weeg [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 1:08 PM Subject: RE: cookies / WDDX complex data cannot be stored in a cookie. the best way to handle itclient variables, that are stored in a db or in the registry. I think you can store in the registry like you store in a db. either way, I solved the same problem you have by using a structure full of vars that are stored in session variables while the user is active, and in client variables, while the user is gone. ..tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Gyrus [mailto:gyrus;rooted.freeuk.com] Sent: Friday, November 15, 2002 3:57 PM To: CF-Talk Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: cookies / WDDX
Just a thought, how do you test for xml or the wddx string if they had already reached the limit? Do i save the file first and check for the physical size on my server? Any other proven methods? Anthony -Original Message- From: Simon Horwith [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 16, 2002 5:51 AM To: CF-Talk Subject: RE: cookies / WDDX cookie files have a limit of around 4K. No you can't put a complex var in a cookie (it's just a text file - you can only write a string to a text file) and yes, WDDX is just a string. Due to it's verbosity, if you're running CFMX I definitely recommend creating an XML packet and storing that in the cookie - not a WDDX packet. You're going to find that WDDX packets will become real big real fast and then you can't stuff them into cookies. Just a heads-up for you... have a good weekend ~Simon Simon Horwith Macromedia Certified Instructor Certified Advanced ColdFusion MX Developer Fig Leaf Software 1400 16th St NW, # 220 Washington DC 20036 202.797.6570 (direct line) www.figleaf.com -Original Message- From: Tony Weeg [mailto:[EMAIL PROTECTED]] Sent: Friday, 15 November, 2002 4:30 PM To: CF-Talk Subject: RE: cookies / WDDX bryan, I thought for sure I read that you couldn't store complex vars in a cookie.but I guess a wddx packet can really be percieved as a string, and if the length works, then it will be okbut not really the best way to do it...huh? tony Tony Weeg Senior Web Developer Information System Design Navtrak, Inc. Fleet Management Solutions www.navtrak.net 410.548.2337 -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED]] Sent: Friday, November 15, 2002 4:15 PM To: CF-Talk Subject: Re: cookies / WDDX I'm doing just what you are right now. Follow these steps: 1) form is posted 2) create a new query using QueryNew() 3) add a row to the query using QueryAddRow() 4) add all the form data to the row in the query usingh QuerySetCell() 5) serialize the query into a WDDX packet using CFWDDX 6) set a cookie with the value of the WDDX packet using CFCOOKIE Then wherever you need the data. 1) deserialze the WDDX packet in the cookie 2) voila you have a query with all form data in it 3) do whatever ya need to to re-create your form as it was left HTH Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 15, 2002 12:57 PM Subject: SOT: cookies / WDDX I'm trying to build some multi-part forms that are supposed to store all the form data in cookies, so people can leave bits unfinished, come back at a later date and finish the form off. The forms aren't *massive*, but they're not small either - not entirely sure how much data could be stored, but I'm trying to find out some limits to plan the project. It says in O'Reilly's JS Bible that web browsers don't store more than 20 cookies per domain and each cookie can't be more than 4 KB in size. Now, 4 KB is probably not enough to store ALL potential data - but 20 is not enough if I tried to store each *field* in a separate cookie. I've heard about WDDX being used to interact between CF and JS, but I've not used it before, and I can't think how it could overcome the above cookie limitations. I'd be grateful if anyone had any more info on cookie limitations, or ideas about how to handle this situation (without a DB!). Gyrus [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net PGP key available ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
Re: Cookies
I imagine you used something like the code below to expire the cookies. The only thing I can think of is that it is expiring one of the cookies and leaving the other intact. then they login again and it sets another to their browser. Maybe looping through somehow to check cfloop from=1 to=10 index=count cfif IsDefined(Cookie.cookieName) cfoutput#count#nbsp;/cfoutputI am still herebr CFCOOKIE NAME=cookieName EXPIRES=NOW cfelse cfoutput#count#nbsp;/cfoutputI am now gonebr /cfif /cfloop Success is a journey, not a destination!! Doug Brown - Original Message - From: J L [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, April 11, 2002 8:17 AM Subject: Cookies hi all, What is the best way to delete all the cookies in clients' browsers? Somehow many of our clients' browsers have a pair of cookies which are exactly the same (Same name and same value). And I have tried expiring two times of that cookie and it does not work. Thanks, J ___ Get the FREE email that has everyone talking at http://www.mail2world.com __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies
i was able to assign and delete all the cookies using the following code. Notice the use of the cfloop over a collection so you are sure that all cookie the site might have assigned are expired (deleted). Remember that the cookies don't actually get deleted from the user hardrive until after the page is executed. So if you notice that the first time you execute index2.cfm you will not get an error about the cookies not being there. if you refresh the page though, you will get the error. the first time the page executes the second set of outputing the cookie values return empty strings. index.cfm = cfcookie name=test value=test expires=NEVER cfcookie name=test1 value=test1 expires=NEVER cfcookie name=test2 value=test2 expires=NEVER a href=index2.cfmnext/a index2.cfm == cfoutput #cookie.test#br #cookie.test1#br #cookie.test2# /cfoutput cfloop collection=#cookie# item=i cfcookie name=#i# value= expires=NOW /cfloop cfoutput #cookie.test#br #cookie.test1#br #cookie.test2#br /cfoutput Anthony Petruzzi Webmaster 954-321-4703 [EMAIL PROTECTED] http://www.sheriff.org -Original Message- From: Douglas Brown [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 11, 2002 12:04 PM To: CF-Talk Subject: Re: Cookies I imagine you used something like the code below to expire the cookies. The only thing I can think of is that it is expiring one of the cookies and leaving the other intact. then they login again and it sets another to their browser. Maybe looping through somehow to check cfloop from=1 to=10 index=count cfif IsDefined(Cookie.cookieName) cfoutput#count#nbsp;/cfoutputI am still herebr CFCOOKIE NAME=cookieName EXPIRES=NOW cfelse cfoutput#count#nbsp;/cfoutputI am now gonebr /cfif /cfloop Success is a journey, not a destination!! Doug Brown - Original Message - From: J L [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, April 11, 2002 8:17 AM Subject: Cookies hi all, What is the best way to delete all the cookies in clients' browsers? Somehow many of our clients' browsers have a pair of cookies which are exactly the same (Same name and same value). And I have tried expiring two times of that cookie and it does not work. Thanks, J ___ Get the FREE email that has everyone talking at http://www.mail2world.com __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies
The problem that i have is that there are 2 pairs CFIDs and CFTOKENs. And we are trying to delete those two and let CFserver to create a new pair. I have tried many ways to delete those 2 pairs (same name) and nothing is working ___ Get the FREE email that has everyone talking at http://www.mail2world.com -Original Message- From: [EMAIL PROTECTED] Sent: 4/11/2002 3:52:18 PM To: [EMAIL PROTECTED] Subject: RE: Cookies i was able to assign and delete all the cookies using the following code.Notice the use of the cfloop over a collection so you are sure that allcookie the site might have assigned are expired (deleted). Remember that thecookies don't actually get deleted from the user hardrive until after thepage is executed. So if you notice that the first time you executeindex2.cfm you will not get an error about the cookies not being there. ifyou refresh the page though, you will get the error. the first time the pageexecutes the second set of outputing the cookie values return empty strings.index.cfm=nextindex2.cfm==#cookie.test# #cookie.test1# #cookie.test2# #cookie.test# #cookie.test1# #cookie.test2# Anthony [EMAIL PROTECTED]http://www.sheriff org-Original Message-From: Douglas Brown [mailto:[EMAIL PROTECTED]]Sent: Thursday, April 11, 2002 12:04 PMTo: CF-TalkSubject: Re: CookiesI imagine you used something like the code below to expire the cookies. Theonlything I can think of is that it is expiring one of the cookies and leavingtheother intact. then they login again and it sets another to their browser.Maybelooping through somehow to check #count# I am still here #count# I am now gone Success is a journey, not a destination!!Doug Brown- Original Message -From: J L To: CF-Talk Sent: Thursday, April 11, 2002 8:17 AMSubject: Cookies hi all, What is the best way to delete all the cookies in clients' browsers? Somehow many of our clients' browsers have a pair of cookies which are exactly the same (Same name and same value). And I have tried expiring two times of that cookie and it does not work. Thanks, J ___ Get the FREE email that has everyone talking at http://www.mail2world.com __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies, Is this possible?
I'm pretty sure you CAN do this. cfcookie name=myCookie value=myValue expires=NEVER domain=.macromedia.com; .allaire.com; .cflib.org Mark -Original Message- From: Tony Schreiber [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 11:27 PM To: CF-Talk Subject: Re: cookies, Is this possible? Cookies can be read and set only within their own domain. So you can't read a product2.com cookie on the product1.com website. I have a client with multiple domains www.product1.com www.product2.com www.product3.com. To gain acces to certain information on these sites a user would need to log in. I was thinking of the user signing up and then setting a cookie on their machine to allow them access to the other sites, with out having to log in again each time. Down the track the sites will be hosted on the same server so this may be helpful in some way. Is this possible does some one have any ideas on how this may work.. thanks trent __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies, Is this possible?
By RFC cookies cannot be shared between domains, so this is not possible. If the domains share the same client storage then you can use cfid/cftoken to manage access between sites... Regards, Howie - Original Message - From: trent [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Monday, December 17, 2001 11:08 PM Subject: cookies, Is this possible? I have a client with multiple domains www.product1.com www.product2.com www.product3.com. To gain acces to certain information on these sites a user would need to log in. I was thinking of the user signing up and then setting a cookie on their machine to allow them access to the other sites, with out having to log in again each time. Down the track the sites will be hosted on the same server so this may be helpful in some way. Is this possible does some one have any ideas on how this may work.. thanks trent Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies, Is this possible?
Cookies can be read and set only within their own domain. So you can't read a product2.com cookie on the product1.com website. I have a client with multiple domains www.product1.com www.product2.com www.product3.com. To gain acces to certain information on these sites a user would need to log in. I was thinking of the user signing up and then setting a cookie on their machine to allow them access to the other sites, with out having to log in again each time. Down the track the sites will be hosted on the same server so this may be helpful in some way. Is this possible does some one have any ideas on how this may work.. thanks trent This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies and the old switcharoo
Are these three different requests? (i.e. they submit the form, and the verification page is run, then another HTTP request takes them to the menu page?) If not, your problem might be trying to set and access the cookies on the same page. Take another look at your app structure and make sure there's a request between setting cookies and reading them. Also, I don't think you're gaining anything by clearing and setting cookies on the same page, or by locking form variables. -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 12:42 PM To: CF-Talk Subject: Cookies and the old switcharoo Hey everyone, I am having a problems where I have created a log in page for representatives to take a test. The page creates rep cookies that, by the time the menu page is reached, have jumbled each client's variables to someone else's. For example, Steve and John and Sally log in and hit the menu page and the menu page displays johns name on Sally's computer, Sally might also display Sally and and Steve has himself too. But as you can tell this makes for terrible inserts and test taking. So I am looking for some suggestions... here is the code: Log on Page --- cfform action=repverification.cfm method=post h1Please enter the following information:/h1 p br table width=75% border=0 tr td width=14%Name: /td td width=86% cfinput type=text name=RepName size=20 required=Yes message=please enter your name /td /tr tr td width=14%ID:/td td width=86% CFinput type=text name=RepID maxlength=5 message=Your ID must be 5 digits in length size=20 required=Yes b(First 5 digits of SSN.)/b /td /tr /table pbr input type=submit name=Submit value=Submit /cfform This is the verification page's code: -- cfapplication name=PerfTracksessionmanagement=Yes cfcookie name=repname expires=NOW cfcookie name=repid expires=NOW cflock name=repvars timeout=60 throwontimeout=Yes type=EXCLUSIVE CFcookie NAME=repname VALUE=#form.repname# EXPIRES=2 CFcookie NAME=repid VALUE=#form.repid# EXPIRES=2 /cflock and the menu just displays their name, this is a basic example so as to pare you a lot of verifying cfoutput Welcome Back #cookie.repname# your ID is #cookie.repid# #cookie.cftoken# /cfoutput Any help would be VERY appreciated. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning ~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies and the old switcharoo
Thanks Eric, Indeed yes they are three separate .cfm pages. In the first form, called logon.cfm, a submit leads to the second page called verification.cfm. Once there, a meta refresh tag meta http-equiv=refresh content=.1; URL=nhrepmenu.cfm takes you to the menu page called repmenu.cfm. As for the deletion of existing cookies and locked vars, those are both recent adds in an attempt to combat this problem. I know cookies over write each other, but something is cause people to come up with other peoples cookie, so I thought if I deleted all cookies before setting them, it may clear up some of the issues.. the locking was another attempt to keep each cookie unique to the user. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning -Original Message- From: Maia, Eric [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:01 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Are these three different requests? (i.e. they submit the form, and the verification page is run, then another HTTP request takes them to the menu page?) If not, your problem might be trying to set and access the cookies on the same page. Take another look at your app structure and make sure there's a request between setting cookies and reading them. Also, I don't think you're gaining anything by clearing and setting cookies on the same page, or by locking form variables. -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 12:42 PM To: CF-Talk Subject: Cookies and the old switcharoo Hey everyone, I am having a problems where I have created a log in page for representatives to take a test. The page creates rep cookies that, by the time the menu page is reached, have jumbled each client's variables to someone else's. For example, Steve and John and Sally log in and hit the menu page and the menu page displays johns name on Sally's computer, Sally might also display Sally and and Steve has himself too. But as you can tell this makes for terrible inserts and test taking. So I am looking for some suggestions... here is the code: Log on Page --- cfform action=repverification.cfm method=post h1Please enter the following information:/h1 p br table width=75% border=0 tr td width=14%Name: /td td width=86% cfinput type=text name=RepName size=20 required=Yes message=please enter your name /td /tr tr td width=14%ID:/td td width=86% CFinput type=text name=RepID maxlength=5 message=Your ID must be 5 digits in length size=20 required=Yes b(First 5 digits of SSN.)/b /td /tr /table pbr input type=submit name=Submit value=Submit /cfform This is the verification page's code: -- cfapplication name=PerfTracksessionmanagement=Yes cfcookie name=repname expires=NOW cfcookie name=repid expires=NOW cflock name=repvars timeout=60 throwontimeout=Yes type=EXCLUSIVE CFcookie NAME=repname VALUE=#form.repname# EXPIRES=2 CFcookie NAME=repid VALUE=#form.repid# EXPIRES=2 /cflock and the menu just displays their name, this is a basic example so as to pare you a lot of verifying cfoutput Welcome Back #cookie.repname# your ID is #cookie.repid# #cookie.cftoken# /cfoutput Any help would be VERY appreciated. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning ~~ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies and the old switcharoo
I'm still not sure exactly what's going on here, but here are some musings in case you haven't already explored these leads: 1. Are these reps using the same machine to log in, or do they each have a separate machine? Your cookies would only be causing the problem if they are on the same machine. 2. Bear in mind that CF will be setting 4 cookies: cfid, cftoken, repname, repid. (the first two are set automatically by the cfapplication call.) One thing you might try is clear all four cookies on the form page, so you're sure you're starting from a blank slate. (If I remember correctly, the main time I ran into this problem was when I was trying to set client variables and offer users the option of auto-login as a convenience. e.g. on login page, check for client.rememberme and if so, bypass the login, just pull user info from db based on client.userid... got all messed up, and people were getting each others' sessions all over the place. I went back to forcing everyone to log in, and it's been fine for over a year.) -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:50 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Thanks Eric, Indeed yes they are three separate .cfm pages. In the first form, called logon.cfm, a submit leads to the second page called verification.cfm. Once there, a meta refresh tag meta http-equiv=refresh content=.1; URL=nhrepmenu.cfm takes you to the menu page called repmenu.cfm. As for the deletion of existing cookies and locked vars, those are both recent adds in an attempt to combat this problem. I know cookies over write each other, but something is cause people to come up with other peoples cookie, so I thought if I deleted all cookies before setting them, it may clear up some of the issues.. the locking was another attempt to keep each cookie unique to the user. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning -Original Message- From: Maia, Eric [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:01 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Are these three different requests? (i.e. they submit the form, and the verification page is run, then another HTTP request takes them to the menu page?) If not, your problem might be trying to set and access the cookies on the same page. Take another look at your app structure and make sure there's a request between setting cookies and reading them. Also, I don't think you're gaining anything by clearing and setting cookies on the same page, or by locking form variables. -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 12:42 PM To: CF-Talk Subject: Cookies and the old switcharoo Hey everyone, I am having a problems where I have created a log in page for representatives to take a test. The page creates rep cookies that, by the time the menu page is reached, have jumbled each client's variables to someone else's. For example, Steve and John and Sally log in and hit the menu page and the menu page displays johns name on Sally's computer, Sally might also display Sally and and Steve has himself too. But as you can tell this makes for terrible inserts and test taking. So I am looking for some suggestions... here is the code: Log on Page --- cfform action=repverification.cfm method=post h1Please enter the following information:/h1 p br table width=75% border=0 tr td width=14%Name: /td td width=86% cfinput type=text name=RepName size=20 required=Yes message=please enter your name /td /tr tr td width=14%ID:/td td width=86% CFinput type=text name=RepID maxlength=5 message=Your ID must be 5 digits in length size=20 required=Yes b(First 5 digits of SSN.)/b /td /tr /table pbr input type=submit name=Submit value=Submit /cfform This is the verification page's code: -- cfapplication name=PerfTracksessionmanagement=Yes cfcookie name=repname expires=NOW cfcookie name=repid expires=NOW cflock name=repvars timeout=60 throwontimeout=Yes type=EXCLUSIVE CFcookie NAME=repname VALUE=#form.repname# EXPIRES=2 CFcookie NAME=repid VALUE=#form.repid# EXPIRES=2 /cflock and the menu just displays their name, this is a basic example so as to pare you a lot of verifying cfoutput Welcome Back #cookie.repname# your ID is #cookie.repid# #cookie.cftoken# /cfoutput Any help would be VERY appreciated. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail
Re: Cookies and the old switcharoo
I've had similar problems when I set up my auto-login feature, but it was mainly because I was using cflocation on the same page I was setting my cookie. I'm pretty sure you can't use cfhttp or cfheader either on the same page, along with a few other tags. Other than that, the only way they could be getting each other's cookies is if CF server recognizes their cfid and cftoken as someone else's. As Eric stated below, these are set from cfapplication and/or being passed in the URL strings...are they perhaps sharing links? For me, at least, it's always the little things... Tyler Silcox email | [EMAIL PROTECTED] website | www.gslsolutions.com - Original Message - From: Maia, Eric [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 09, 2001 5:51 PM Subject: RE: Cookies and the old switcharoo I'm still not sure exactly what's going on here, but here are some musings in case you haven't already explored these leads: 1. Are these reps using the same machine to log in, or do they each have a separate machine? Your cookies would only be causing the problem if they are on the same machine. 2. Bear in mind that CF will be setting 4 cookies: cfid, cftoken, repname, repid. (the first two are set automatically by the cfapplication call.) One thing you might try is clear all four cookies on the form page, so you're sure you're starting from a blank slate. (If I remember correctly, the main time I ran into this problem was when I was trying to set client variables and offer users the option of auto-login as a convenience. e.g. on login page, check for client.rememberme and if so, bypass the login, just pull user info from db based on client.userid... got all messed up, and people were getting each others' sessions all over the place. I went back to forcing everyone to log in, and it's been fine for over a year.) -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:50 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Thanks Eric, Indeed yes they are three separate .cfm pages. In the first form, called logon.cfm, a submit leads to the second page called verification.cfm. Once there, a meta refresh tag meta http-equiv=refresh content=.1; URL=nhrepmenu.cfm takes you to the menu page called repmenu.cfm. As for the deletion of existing cookies and locked vars, those are both recent adds in an attempt to combat this problem. I know cookies over write each other, but something is cause people to come up with other peoples cookie, so I thought if I deleted all cookies before setting them, it may clear up some of the issues.. the locking was another attempt to keep each cookie unique to the user. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning -Original Message- From: Maia, Eric [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:01 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Are these three different requests? (i.e. they submit the form, and the verification page is run, then another HTTP request takes them to the menu page?) If not, your problem might be trying to set and access the cookies on the same page. Take another look at your app structure and make sure there's a request between setting cookies and reading them. Also, I don't think you're gaining anything by clearing and setting cookies on the same page, or by locking form variables. -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 12:42 PM To: CF-Talk Subject: Cookies and the old switcharoo Hey everyone, I am having a problems where I have created a log in page for representatives to take a test. The page creates rep cookies that, by the time the menu page is reached, have jumbled each client's variables to someone else's. For example, Steve and John and Sally log in and hit the menu page and the menu page displays johns name on Sally's computer, Sally might also display Sally and and Steve has himself too. But as you can tell this makes for terrible inserts and test taking. So I am looking for some suggestions... here is the code: Log on Page --- cfform action=repverification.cfm method=post h1Please enter the following information:/h1 p br table width=75% border=0 tr td width=14%Name: /td td width=86% cfinput type=text name=RepName size=20 required=Yes message=please enter your name /td /tr tr td width=14%ID:/td td width=86% CFinput type=text name=RepID maxlength=5 message=Your ID must be 5 digits in length size=20 required=Yes b(First 5 digits of SSN.)/b /td /tr /table pbr input type=submit name=Submit value=Submit /cfform This is the verification page's code: -- cfapplication name=PerfTracksessionmanagement=Yes cfcookie name=repname expires=NOW cfcookie
RE: Cookies and the old switcharoo
I am trying a new version of the verification page. Here it is. cfif isnumeric(form.repid) is 'yes' and len(form.repid) EQ 5 cfapplication name=PerfTracksessionmanagement=Yes cfcookie name=repname expires=NOW cfcookie name=cfid expires=NOW cfcookie name=cftoken expires=NOW cfcookie name=repid expires=NOW cflock name=repvars timeout=60 throwontimeout=Yes type=EXCLUSIVE CFCOOKIE NAME=CFID VALUE=#SESSION.CFID# CFCOOKIE NAME=CFTOKEN VALUE=#SESSION.CFTOKEN# CFcookie NAME=repname VALUE=#cookvalue# EXPIRES=2 CFcookie NAME=repid VALUE=#form.repid# EXPIRES=2 /cflock meta http-equiv=refresh content=.1; URL=nhrepmenu.cfm cfabort I don't know if this will work, but its worth a shot. It seems to lock the cfid and and token. Any other suggestion would be nice. Oh, and Eric, the scenerio is that we have training classes around the country that have reps sitting in classes without a seating chart. I turns out the problem isn't that they are using the same machine though. I squared that away early because I thought that maybe the cookies weren't over writting for some reason. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning Training Development and Design Team. -Original Message- From: Tyler Silcox [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 3:17 PM To: CF-Talk Subject: Re: Cookies and the old switcharoo I've had similar problems when I set up my auto-login feature, but it was mainly because I was using cflocation on the same page I was setting my cookie. I'm pretty sure you can't use cfhttp or cfheader either on the same page, along with a few other tags. Other than that, the only way they could be getting each other's cookies is if CF server recognizes their cfid and cftoken as someone else's. As Eric stated below, these are set from cfapplication and/or being passed in the URL strings...are they perhaps sharing links? For me, at least, it's always the little things... Tyler Silcox email | [EMAIL PROTECTED] website | www.gslsolutions.com - Original Message - From: Maia, Eric [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 09, 2001 5:51 PM Subject: RE: Cookies and the old switcharoo I'm still not sure exactly what's going on here, but here are some musings in case you haven't already explored these leads: 1. Are these reps using the same machine to log in, or do they each have a separate machine? Your cookies would only be causing the problem if they are on the same machine. 2. Bear in mind that CF will be setting 4 cookies: cfid, cftoken, repname, repid. (the first two are set automatically by the cfapplication call.) One thing you might try is clear all four cookies on the form page, so you're sure you're starting from a blank slate. (If I remember correctly, the main time I ran into this problem was when I was trying to set client variables and offer users the option of auto-login as a convenience. e.g. on login page, check for client.rememberme and if so, bypass the login, just pull user info from db based on client.userid... got all messed up, and people were getting each others' sessions all over the place. I went back to forcing everyone to log in, and it's been fine for over a year.) -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:50 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Thanks Eric, Indeed yes they are three separate .cfm pages. In the first form, called logon.cfm, a submit leads to the second page called verification.cfm. Once there, a meta refresh tag meta http-equiv=refresh content=.1; URL=nhrepmenu.cfm takes you to the menu page called repmenu.cfm. As for the deletion of existing cookies and locked vars, those are both recent adds in an attempt to combat this problem. I know cookies over write each other, but something is cause people to come up with other peoples cookie, so I thought if I deleted all cookies before setting them, it may clear up some of the issues.. the locking was another attempt to keep each cookie unique to the user. Bryan Langford Analyst National Customer Operations Enterprise Services Strategic Planning -Original Message- From: Maia, Eric [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 1:01 PM To: CF-Talk Subject: RE: Cookies and the old switcharoo Are these three different requests? (i.e. they submit the form, and the verification page is run, then another HTTP request takes them to the menu page?) If not, your problem might be trying to set and access the cookies on the same page. Take another look at your app structure and make sure there's a request between setting cookies and reading them. Also, I don't think you're gaining anything by clearing and setting cookies on the same page, or by locking form variables. -Original Message- From: Langford, Bryan [mailto:[EMAIL PROTECTED
Re: cookies
The code snippet below works fine for me and need just one .cfm file: cfif isdefined(cookie.tmtCookieTest) cflocation url=yescookie.htm addtoken=No cfelseif not isdefined(url.tmtCookieSend) !--- First time the user visit the page, set the cookie --- cfcookie name=tmtCookieTest value=Accepts cookies !--- The cookie was send, redirect and set the tmtCookieSend flag as an url variable --- cfheader name=Refresh value=0; URL=#cgi.script_name#?tmtCookieSend=1 cfelseif isdefined(url.tmtCookieSend) !--- We tried sending the cookie, no way, cookies are disabled, get out of here --- cflocation url=nocookie.htm addtoken=No /cfif The trick here is to use cfheader name=Refresh instead of cflocation after setting the cookie Massimo Foti [EMAIL PROTECTED] My own Corner of the web http://www.massimocorner.com Dreamweaver, Ultradev and Fireworks goodies Russel Madere [EMAIL PROTECTED] wrote in message That really won't work. The problem with it is that during the execution of the CFM template, the cookies will exist. They are only refused after the HTTP headers are returned to the client. In other words, the cookies will be defined as long as the template setting them is executing. A better solution would be to set the cookies on a initially loaded page and use a client side redirect to send the user to the test template. That way the client will get the headers setting the cookies, and a new request will be generated for the test template. If the cookies exist there, then the client accepts cookies. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies
Set a cookie variable and read it on the next page.if cookie variable exisits then cookies are on. - Original Message - From: Chris Bohill [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Tuesday, July 24, 2001 9:57 AM Subject: cookies Do you know how to use CF to check if a browser will accept cookies? Cheers, Chris. Chris Bohill, Applications Development Team, BizNet Solutions, 133-137 Lisburn Road BT9 7AG Belfast N.Ireland Tel: 0044 2890 223224 Fax 0044 2890 223223 Email: [EMAIL PROTECTED] WWW: http://www.biznet-solutions.com ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies
At 05:57 PM 7/24/2001 +0100, you wrote: Do you know how to use CF to check if a browser will accept cookies? Try setting one and run isDefined() on it. If it's defined, cookies are enabled. If not, no cookies. Just remember that some people have their browser set to warn before accepting a cookie. Now available in a San Francisco Bay Area near you! http://63.74.114.11/mr_urc/index.cfm http://63.74.114.11/mr_urc/resume.cfm ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies
try javascript. document.cookie=cookie=Yes; gotCookies=(String(document.cookie).search(Yes)!=-1)?true;false; ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies
That really won't work. The problem with it is that during the execution of the CFM template, the cookies will exist. They are only refused after the HTTP headers are returned to the client. In other words, the cookies will be defined as long as the template setting them is executing. A better solution would be to set the cookies on a initially loaded page and use a client side redirect to send the user to the test template. That way the client will get the headers setting the cookies, and a new request will be generated for the test template. If the cookies exist there, then the client accepts cookies. Hope this helps. Russel -Original Message- From: Jennifer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 1:43 PM To: CF-Talk Subject: Re: cookies At 05:57 PM 7/24/2001 +0100, you wrote: Do you know how to use CF to check if a browser will accept cookies? Try setting one and run isDefined() on it. If it's defined, cookies are enabled. If not, no cookies. Just remember that some people have their browser set to warn before accepting a cookie. Now available in a San Francisco Bay Area near you! http://63.74.114.11/mr_urc/index.cfm http://63.74.114.11/mr_urc/resume.cfm ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Cookies vs. Session Variables
switch to session vars, and pass the urltoken on every request and set the setclientcookies attributes to no in the cfapplication tag. this last bit is to prevent cf from correlating requests into a session via a cookie on the user's machine. cflocation will pass the urltoken automatically if you don't say addtoken=no, but on your forms and links you will need to add #urltoken# to the end. At 12:54 PM 7/2/01 -0700, you wrote: We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists - Ken Beard Manager, Application Development StoneGround 5100 West Kennedy Blvd, Suite 430 Tampa, FL 33609 813-387-1235 (phone) 813-387-1237 (fax) http://www.stoneground.com/ CONFIDENTIALITY NOTICE: This message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from under applicable law. All code Copyright © 2001 StoneGround. All rights reserved. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies vs. Session Variables
Nope. As a matter of fact, the way CF recognizes the session is through cookies. Run this code to confirm: cfloop collection=#cookie# item=myVar cfoutputCOOKIE.#myVar#/tdtd style=font: 12pt Courier New#evaluate(COOKIE. #myvar#)#/cfoutput /cfloop You'll notice a CFID and a CFTOKEN cookie variable. These values is what CF uses to assert who the session is. You're best bet may be to use client variables, or to create a log off button that clears sessions/cookies. I don't recommend using client variables because they sit in the url, and can be easily hijacked, posing an even bigger security threat. -Original Message- From: Pete Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, July 02, 2001 12:55 PM To: CF-Talk Subject: Cookies vs. Session Variables We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies vs. Session Variables
Switching to session vars would eliminate the problem. Shawn Regan Applications Developer Pacific Technology Solutions -Original Message- From: Pete Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, July 02, 2001 12:55 PM To: CF-Talk Subject: Cookies vs. Session Variables We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies vs. Session Variables
Cookies can be set to expire when the browser is closed. AFAIK, you can't overcome this with browser configuration. Sounds like a change in a few lines of your code will fix your problem. Using CFCOOKIE without specifying a timeout will cause the cookie to vanish when the browser is closed and your problem should go away. -Cameron Cameron Childress elliptIQ Inc. p.770.460.7277.232 f.770.460.0963 -- http://www.neighborware.com America's Leading Community Network Software -Original Message- From: Pete Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, July 02, 2001 3:55 PM To: CF-Talk Subject: Cookies vs. Session Variables We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Cookies vs. Session Variables
I have never seen this before. You must remember, session vars are still based on cookies. So If you did move to session vars you would still have the same problem. At 12:54 PM 7/2/2001 -0700, you wrote: We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Cookies vs. Session Variables
I've never heard of a lab setup like this, but certainly don't doubt it. Is there some reasoning behind the configuration? Session variables, by default, use cookies to maintain identity. You can disable this by using the SetClientCookies=No in the CFAPPLICATION tag. If you do this, you'll have to be VERY careful to pass the CFID and CFToken (two elements to identify every user) in every single URL and Form. If you forget a link someplace, a new session will be started when the user clicks the link. I believe there are examples of this type of setup in Ben Forta's books. This is also the approach to take when working with users that have cookies disabled, as their sessions will die after every page request, since the cookie deletes itself. Norman Elton Quoting Pete Miller [EMAIL PROTECTED]: We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Cookies vs. Session Variables
You are correct, cookies should not be used to identify users at public terminals. Most public terminals either disallow persistent cookies, disallow all cookies or reset cookies after use (more common in labs). Sharing cookies is a new one for me, but the problem is the same. The answer is to use logins and session management. At 12:54 PM 7/2/2001 -0700, you wrote: We have an application that uses cookies to track the identity of a user after logging in. In a beta test performed at a university lab, this model failed because the browsers were set up to share the same cookies. In this case, all users had access to the information of the last user to log in. Is this a common configuration in networks? Would switching to session variables eliminate this problem in such an environment or could there still be issues with this, depending on their configuration? -Pete Cary Gordon The Cherry Hill Company ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies timeout!
That's exactly what I use: cfcookie name=psuserNICK value=#fixedusernick# expires=NEVER and the cookie is terminated/deleted whenever I close the browser. on the application.cfm there is: cfapplication name=photoshare clientmanagement=Yes sessionmanagement=Yes setclientcookies=Yes clientstorage=Cookie Thanks, Michael. - Original Message - From: Adkins, Randy [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Monday, May 07, 2001 6:56 PM Subject: RE: cookies timeout! CFCookie name=username value=WHATEVERMYNAME expires=Never -Original Message- From: Michael Lugassy [mailto:[EMAIL PROTECTED]] Sent: Monday, May 07, 2001 1:43 PM To: CF-Talk Subject: cookies timeout! How can I prevent the cookie from being terminated (deleted) when the user close his browser? I want to write the cookie in his computer so he won't need to re-enter usernamepwd every time he logs in. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies timeout!
CFCookie name=username value=WHATEVERMYNAME expires=Never -Original Message- From: Michael Lugassy [mailto:[EMAIL PROTECTED]] Sent: Monday, May 07, 2001 1:43 PM To: CF-Talk Subject: cookies timeout! How can I prevent the cookie from being terminated (deleted) when the user close his browser? I want to write the cookie in his computer so he won't need to re-enter usernamepwd every time he logs in. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies timeout!
If you look at the documentation for CFCOOKIE, you will see it has a expires attribute: (From the absolutely [?] wonderful cfstudio docs) CFCOOKIE NAME=cookie_name VALUE=text EXPIRES=period SECURE=Yes or No PATH=url DOMAIN=.domain EXPIRES Optional. Schedules the expiration of a cookie variable. Can be specified as a date (as in, 10/09/97), number of days (as in, 10, 100), NOW, or NEVER. Using NOW effectively deletes the cookie from the client's browser. -Original Message- From: Michael Lugassy [mailto:[EMAIL PROTECTED]] Sent: Monday, May 07, 2001 1:43 PM To: CF-Talk Subject: cookies timeout! How can I prevent the cookie from being terminated (deleted) when the user close his browser? I want to write the cookie in his computer so he won't need to re-enter usernamepwd every time he logs in. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies and keeping track of ID
The cookie you created called user can be used just like any other variable - from anywhere within your application just call #cookie.user#. HTH * Diana Nichols Webmistress http://www.lavenderthreads.com 770.434.7374 One man's magic is another man's engineering. ---Lazarus Long -Original Message- From: Jeff Fongemie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 1:11 PM To: CF-Talk Subject: cookies and keeping track of ID Hello cf-talk, I have an application I'm working on that uses code from FX password. This is used to password protect a directory. I have not used cookies before, but noticed that the code in FXpassword sets a cookie: CFCOOKIE NAME=Password VALUE=good this is used to check for the value of good for access to cfm pages in the DIR. So, is there a way that i can also add the primary key of ID for that user also, this way I can access his information from page to page?? Do I need to set a whole new cookie? CFCOOKIE NAME=USER VALUE=#ID# If so, then how do I call for it and get the user ID?? I realize I may not even be close here, and therefore can't expect anyone to give me a tutorial on cookies, but anyone know any web resources on CF cookie usage? I do have BF WACK but think I need to read more before this sinks in. Best regards, Jeff Fongemie mailto:[EMAIL PROTECTED] Internet Guns For Hire (603) 356-0768 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies not being set
I was away from my computer when all the answers came in. Thanks to all that helped. It seems that a javascript redirect is the best work around for now. Thanks again. Mike *** REPLY SEPARATOR *** On 4/16/2001 at 2:33 PM Nick McClure wrote: |CFLocation works on an http error. | |It is 302 Object Moved. | |Cookies work on an http header also. You could get happy and create the |http headers that will do this. It is all possible and I have done them |separately. I do not know if this will actually set the cookie though. I |am |going to try this later today. | |I will let you know how it works. | |At 01:57 PM 4/16/2001 -0400, you wrote: |Or write the redirect header manually: | |http://www.teamallaire.com/tutorials/index.cfm?fuseaction=displaytopicid=01 |3 | |Benjamin S. Rogers |Web Developer, c4.net |Voice: (508) 240-0051 |Fax: (508) 240-0057 | |-Original Message- |From: Adrian Cesana [mailto:[EMAIL PROTECTED]] |Sent: Monday, April 16, 2001 1:41 PM |To: CF-Talk |Subject: RE: cookies not being set | | |You cant use CFCOOKIE AND CFLOCATION on the same page, you may want to |change your CFLOCATION's to a META redirect. | |-Adrian ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies and their expiration
Jon, The reason the cookie last so long is to effectively never expire it. Preferably, you don't want to reassign a user a new CFID/CFTOKEN pair--you want to keep those cookies on their system forever, that way you'd be able to track that particular user over the lifetime of the app. The length of the cookie doesn't reflect the length of the user's session or client variables--that's all independant of each other. However, if you do want to override the setting, you should be able to use the CFCOOKIE tag and manually re-write the CFID/CFTOKEN variables with a shorter lifespan. Just be aware that doing so would cause the server to regenerate a new CFID/CFTOKEN pair for the same browser if they visit your site after the cookie expires. -Dan -Original Message- From: Moneymaker, Jon S (WPNSTA Yorktown) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 12:08 PM To: CF-Talk Subject: Cookies and their expiration Still pretty new to all this, but am being asked some questions by superiors about CF's use/creation of cookies CF (to maintain state) drops a "cookie" on the client that contains a cfid and cftoken Looking at the cookie (it's properties) in IE, (said superior noted with some surprise) that the expriation is, or appears to be 2037. MY Question: is there a way to cause said cfid/token/cookie to expire sooner (a lot sooner)? I tried several things recommended in the books...but the cookie remained on the browserpersistant little bugger that it is. suggestions? Jon Moneymaker (and yes...that really is my last name) Network Administrator Fleet and Family Support Center, Yorktown, VA ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cookies and their expiration
-Original Message-
From: Moneymaker, Jon S (WPNSTA Yorktown)
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 17, 2001 12:08 PM
To: CF-Talk
Subject: Cookies and their expiration
Still pretty new to all this, but am being asked some questions
by superiors
about CF's use/creation of cookies
CF (to maintain state) drops a "cookie" on the client that contains a cfid
and cftoken
Looking at the cookie (it's properties) in IE, (said superior noted with
some surprise) that the expriation is, or appears to be 2037.
MY Question: is there a way to cause said cfid/token/cookie to
expire sooner
(a lot sooner)?
I tried several things recommended in the books...but the cookie
remained on
the browserpersistant little bugger that it is.
suggestions?
The old "kill cookies on browser close" routine works well:
!--- In application.cfm ---
cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")
cfset cfid_local = Cookie.CFID
cfset cftoken_local = Cookie.CFTOKEN
cfcookie name="CFID" value="#cfid_local#"
cfcookie name="CFTOKEN" value="#cftoken_local#"
/cfif
This effectively sets "session cookies" -- cookies that expire when the user closer
his or her browser, by omitting the EXPIRES attribute of the
CFCOOKIE tag. In your situation, you would want to set an expiration date for the
cookies, so you want to ADD the EXPIRES attribute to the above CFCOOKIE tags and put
it in your application.cfm page(s).
- Andy
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies not being set
You cant use CFCOOKIE AND CFLOCATION on the same page, you may want to change your CFLOCATION's to a META redirect. -Adrian -Original Message- From: Mike Sprague [mailto:[EMAIL PROTECTED]] I have a login page that checks my db to validate user info and if valid uses cflocation to redirect to the appropriate page. I need cookies to work because people with AOL have been having problems keeing the session variables alive. My code is below, any help would be greatly appreciated. Mike snip ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies not being set
You cannot use CFCOOKIE and CFLOCATION on the same page. You'll have to code your redirects using Javascript and the onLoad Event. Jeff Garza Web Developer/Webmaster Spectrum Astro, Inc. 480.892.8200 [EMAIL PROTECTED] http://www.spectrumastro.com -Original Message- From: Mike Sprague [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 10:26 AM To: CF-Talk Subject: cookies not being set I have a login page that checks my db to validate user info and if valid uses cflocation to redirect to the appropriate page. I need cookies to work because people with AOL have been having problems keeing the session variables alive. My code is below, any help would be greatly appreciated. Mike cfif CheckLogin.RecordCount Is 0 Or CheckLogin.RecordCount GT 1 cfset Session.error_message="Your Login Information Is Incorrect. Please Try Again." cflocation url="/login.cfm" addtoken="No" cfelseif CheckLogin.RecordCount Is 1 cfcookie name="UserLevel" value="#int(CheckLogin.UserLevel)#" expires="1" cfcookie name="LoggedIn" value="true" expires="1" cfcookie name="Username" value="#CheckLogin.Username#" expires="1" cfcookie name="UserID" value="#int(CheckLogin.UserID)#" expires="1" cflocation url="/members/index.cfm" addtoken="Yes" cfelse cflocation url="/login.cfm" addtoken="No" /cfif ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies not being set
You cannot use cflocation on the same page where you set cookies. Try this instead: script language="javascript" !-- parent.location="/login.cfm" // -- /script HTH * Diana Nichols Webmistress http://www.lavenderthreads.com 770.434.7374 "One man's magic is another man's engineering." ---Lazarus Long -Original Message- From: Mike Sprague [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 1:26 PM To: CF-Talk Subject: cookies not being set I have a login page that checks my db to validate user info and if valid uses cflocation to redirect to the appropriate page. I need cookies to work because people with AOL have been having problems keeing the session variables alive. My code is below, any help would be greatly appreciated. Mike cfif CheckLogin.RecordCount Is 0 Or CheckLogin.RecordCount GT 1 cfset Session.error_message="Your Login Information Is Incorrect. Please Try Again." cflocation url="/login.cfm" addtoken="No" cfelseif CheckLogin.RecordCount Is 1 cfcookie name="UserLevel" value="#int(CheckLogin.UserLevel)#" expires="1" cfcookie name="LoggedIn" value="true" expires="1" cfcookie name="Username" value="#CheckLogin.Username#" expires="1" cfcookie name="UserID" value="#int(CheckLogin.UserID)#" expires="1" cflocation url="/members/index.cfm" addtoken="Yes" cfelse cflocation url="/login.cfm" addtoken="No" /cfif ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies not being set
You can't use CFLOCATION and CFCOOKIE on the same page. CFLOCATION trashes the current HTTP headers where cookies are send and generates new ones. Since CF doesn't send the headers until the page is done processiong your headers with the cookies in them never even get to the browser. Kevin - Original Message - From: "Mike Sprague" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Monday, April 16, 2001 12:25 PM Subject: cookies not being set I have a login page that checks my db to validate user info and if valid uses cflocation to redirect to the appropriate page. I need cookies to work because people with AOL have been having problems keeing the session variables alive. My code is below, any help would be greatly appreciated. Mike cfif CheckLogin.RecordCount Is 0 Or CheckLogin.RecordCount GT 1 cfset Session.error_message="Your Login Information Is Incorrect. Please Try Again." cflocation url="/login.cfm" addtoken="No" cfelseif CheckLogin.RecordCount Is 1 cfcookie name="UserLevel" value="#int(CheckLogin.UserLevel)#" expires="1" cfcookie name="LoggedIn" value="true" expires="1" cfcookie name="Username" value="#CheckLogin.Username#" expires="1" cfcookie name="UserID" value="#int(CheckLogin.UserID)#" expires="1" cflocation url="/members/index.cfm" addtoken="Yes" cfelse cflocation url="/login.cfm" addtoken="No" /cfif ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cookies not being set
You cant set cookies on a page with CFLOCATION. The page is redirected before it is rendered by the browser, therefore, before your cookies are set. -Original Message- From: Mike Sprague [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 1:26 PM To: CF-Talk Subject: cookies not being set I have a login page that checks my db to validate user info and if valid uses cflocation to redirect to the appropriate page. I need cookies to work because people with AOL have been having problems keeing the session variables alive. My code is below, any help would be greatly appreciated. Mike cfif CheckLogin.RecordCount Is 0 Or CheckLogin.RecordCount GT 1 cfset Session.error_message="Your Login Information Is Incorrect. Please Try Again." cflocation url="/login.cfm" addtoken="No" cfelseif CheckLogin.RecordCount Is 1 cfcookie name="UserLevel" value="#int(CheckLogin.UserLevel)#" expires="1" cfcookie name="LoggedIn" value="true" expires="1" cfcookie name="Username" value="#CheckLogin.Username#" expires="1" cfcookie name="UserID" value="#int(CheckLogin.UserID)#" expires="1" cflocation url="/members/index.cfm" addtoken="Yes" cfelse cflocation url="/login.cfm" addtoken="No" /cfif ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: cookies not being set
As I'm sure 100 people on this list will tell you due to the horrendous lag, when cflocation is used on a page when cookies are being set, the cookies will not be set correctly. Instead, I use javascript to relocatewindow.location='whatever.cfm'; - Original Message - From: "Mike Sprague" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Monday, April 16, 2001 10:25 AM Subject: cookies not being set I have a login page that checks my db to validate user info and if valid uses cflocation to redirect to the appropriate page. I need cookies to work because people with AOL have been having problems keeing the session variables alive. My code is below, any help would be greatly appreciated. Mike cfif CheckLogin.RecordCount Is 0 Or CheckLogin.RecordCount GT 1 cfset Session.error_message="Your Login Information Is Incorrect. Please Try Again." cflocation url="/login.cfm" addtoken="No" cfelseif CheckLogin.RecordCount Is 1 cfcookie name="UserLevel" value="#int(CheckLogin.UserLevel)#" expires="1" cfcookie name="LoggedIn" value="true" expires="1" cfcookie name="Username" value="#CheckLogin.Username#" expires="1" cfcookie name="UserID" value="#int(CheckLogin.UserID)#" expires="1" cflocation url="/members/index.cfm" addtoken="Yes" cfelse cflocation url="/login.cfm" addtoken="No" /cfif ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
