RE: Session variables not working
Thanks, Jay! Rick -Original Message- From: Jay Pandya [mailto:jaypandy...@gmail.com] Sent: Tuesday, February 28, 2012 12:49 AM To: cf-talk Subject: Re: Session variables not working Hi Rick, When you are using session variables and you want to get its value in other page after using cflocation then you need to enable seclientcookies true in cfapplication tag. More description you can read on http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_a-b_5 .html read Setclientcokies description. Thank You Jay Pandya >It's been awhile since I used session variables, >but this is simple. Why won't this work? > >session-test.cfm > > > > >#session.name# > > > > >session-test-2.cfm >-- > >#session.name# > > >I get the error 'Element NAME is undefined in SESSION.' > >??? > >Session variables are specified for use in CFADMIN. >Am I missing something REALLY simple or obvious? > >Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350127 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables not working
I normally use an application.cfc, but this was just a quick "proof-of-concept" that I threw together to test something. -Original Message- From: James Holmes [mailto:james.hol...@gmail.com] Sent: Monday, February 27, 2012 10:56 PM To: cf-talk Subject: Re: Session variables not working Actually, a cfapplication tag will work fine outside of Application.cfm so technically this isn't true. Of course it makes sense to use Application.cfm or Application.cfc. -- Shu Ha Ri: Agile and .NET blog http://www.bifrost.com.au/ On 28 February 2012 04:36, Russ Michaels wrote: > > yes you must have an application.cfm/cfc in order to enable session > variables. > > On Mon, Feb 27, 2012 at 8:28 PM, Rick Faircloth >wrote: > > > > > There's no application.cfc at this point...the only > > two pages involved are what's in this email. > > > > Is enabling session management in an application.cfc > > necessary for session management to work? > > > > As you can see below when I use: > > > > > > > > and then output that with: > > > > #session.name# > > > > I get 'rick'... > > > > But that's on the same page. > > > > Would that work but not session variables between pages > > with session management being enabled in application.cfc? > > > > Rick > > > > -Original Message- > > From: Steve Milburn [mailto:scmilb...@gmail.com] > > Sent: Monday, February 27, 2012 3:18 PM > > To: cf-talk > > Subject: Re: Session variables not working > > > > > > Have you enabled session management in the application.cfc? > > > > On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth > > wrote: > > > > > > > > It's been awhile since I used session variables, > > > but this is simple. Why won't this work? > > > > > > session-test.cfm > > > > > > > > > > > > > > > #session.name# > > > > > > > > > > > > > > > session-test-2.cfm > > > -- > > > > > > #session.name# > > > > > > > > > I get the error 'Element NAME is undefined in SESSION.' > > > > > > ??? > > > > > > Session variables are specified for use in CFADMIN. > > > Am I missing something REALLY simple or obvious? > > > > > > Rick > > > > > > > > > > > > > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350126 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables not working
Thanks for that reminder... it's been years since I've even used cflocation! My how knowledge, unused, is fleeting... -Original Message- From: Azadi Saryev [mailto:azadi.sar...@gmail.com] Sent: Monday, February 27, 2012 9:20 PM To: cf-talk Subject: Re: Session variables not working In your tag include addtoken="no" attribute to prevent CFID/CFTOKEN vars from being appended to the url. I'll also suggest you set your server to use J2EE sessions in CF Administrator, if you have not done so already. Azadi On Tue, Feb 28, 2012 at 04:36, Rick Faircloth wrote: > > Well, after quickly throwing together an application.cfc, > I can see that it is necessary. It attached the CFID > and CFTOKEN to the URL. > > > -Original Message- > From: Rick Faircloth [mailto:r...@whitestonemedia.com] > Sent: Monday, February 27, 2012 3:29 PM > To: cf-talk > Subject: RE: Session variables not working > > > There's no application.cfc at this point...the only > two pages involved are what's in this email. > > Is enabling session management in an application.cfc > necessary for session management to work? > > As you can see below when I use: > > > > and then output that with: > > #session.name# > > I get 'rick'... > > But that's on the same page. > > Would that work but not session variables between pages > with session management being enabled in application.cfc? > > Rick > > -Original Message- > From: Steve Milburn [mailto:scmilb...@gmail.com] > Sent: Monday, February 27, 2012 3:18 PM > To: cf-talk > Subject: Re: Session variables not working > > > Have you enabled session management in the application.cfc? > > On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth > wrote: > >> >> It's been awhile since I used session variables, >> but this is simple. Why won't this work? >> >> session-test.cfm >> >> >> >> >> #session.name# >> >> >> >> >> session-test-2.cfm >> -- >> >> #session.name# >> >> >> I get the error 'Element NAME is undefined in SESSION.' >> >> ??? >> >> Session variables are specified for use in CFADMIN. >> Am I missing something REALLY simple or obvious? >> >> Rick >> >> >> >> > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350125 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
Hi Rick, When you are using session variables and you want to get its value in other page after using cflocation then you need to enable seclientcookies true in cfapplication tag. More description you can read on http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_a-b_5.html read Setclientcokies description. Thank You Jay Pandya >It's been awhile since I used session variables, >but this is simple. Why won't this work? > >session-test.cfm > > > > >#session.name# > > > > >session-test-2.cfm >-- > >#session.name# > > >I get the error 'Element NAME is undefined in SESSION.' > >??? > >Session variables are specified for use in CFADMIN. >Am I missing something REALLY simple or obvious? > >Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350123 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
Actually, a cfapplication tag will work fine outside of Application.cfm so technically this isn't true. Of course it makes sense to use Application.cfm or Application.cfc. -- Shu Ha Ri: Agile and .NET blog http://www.bifrost.com.au/ On 28 February 2012 04:36, Russ Michaels wrote: > > yes you must have an application.cfm/cfc in order to enable session > variables. > > On Mon, Feb 27, 2012 at 8:28 PM, Rick Faircloth >wrote: > > > > > There's no application.cfc at this point...the only > > two pages involved are what's in this email. > > > > Is enabling session management in an application.cfc > > necessary for session management to work? > > > > As you can see below when I use: > > > > > > > > and then output that with: > > > > #session.name# > > > > I get 'rick'... > > > > But that's on the same page. > > > > Would that work but not session variables between pages > > with session management being enabled in application.cfc? > > > > Rick > > > > -Original Message- > > From: Steve Milburn [mailto:scmilb...@gmail.com] > > Sent: Monday, February 27, 2012 3:18 PM > > To: cf-talk > > Subject: Re: Session variables not working > > > > > > Have you enabled session management in the application.cfc? > > > > On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth > > wrote: > > > > > > > > It's been awhile since I used session variables, > > > but this is simple. Why won't this work? > > > > > > session-test.cfm > > > > > > > > > > > > > > > #session.name# > > > > > > > > > > > > > > > session-test-2.cfm > > > -- > > > > > > #session.name# > > > > > > > > > I get the error 'Element NAME is undefined in SESSION.' > > > > > > ??? > > > > > > Session variables are specified for use in CFADMIN. > > > Am I missing something REALLY simple or obvious? > > > > > > Rick > > > > > > > > > > > > > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350121 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
In your tag include addtoken="no" attribute to prevent CFID/CFTOKEN vars from being appended to the url. I'll also suggest you set your server to use J2EE sessions in CF Administrator, if you have not done so already. Azadi On Tue, Feb 28, 2012 at 04:36, Rick Faircloth wrote: > > Well, after quickly throwing together an application.cfc, > I can see that it is necessary. It attached the CFID > and CFTOKEN to the URL. > > > -Original Message- > From: Rick Faircloth [mailto:r...@whitestonemedia.com] > Sent: Monday, February 27, 2012 3:29 PM > To: cf-talk > Subject: RE: Session variables not working > > > There's no application.cfc at this point...the only > two pages involved are what's in this email. > > Is enabling session management in an application.cfc > necessary for session management to work? > > As you can see below when I use: > > > > and then output that with: > > #session.name# > > I get 'rick'... > > But that's on the same page. > > Would that work but not session variables between pages > with session management being enabled in application.cfc? > > Rick > > -Original Message- > From: Steve Milburn [mailto:scmilb...@gmail.com] > Sent: Monday, February 27, 2012 3:18 PM > To: cf-talk > Subject: Re: Session variables not working > > > Have you enabled session management in the application.cfc? > > On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth > wrote: > >> >> It's been awhile since I used session variables, >> but this is simple. Why won't this work? >> >> session-test.cfm >> >> >> >> >> #session.name# >> >> >> >> >> session-test-2.cfm >> -- >> >> #session.name# >> >> >> I get the error 'Element NAME is undefined in SESSION.' >> >> ??? >> >> Session variables are specified for use in CFADMIN. >> Am I missing something REALLY simple or obvious? >> >> Rick >> >> >> >> > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350120 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables not working
Thanks for the reminder! Rick -Original Message- From: Steve Milburn [mailto:scmilb...@gmail.com] Sent: Monday, February 27, 2012 3:42 PM To: cf-talk Subject: Re: Session variables not working Correction on my previous post: The variable was stored in variables.session.name (not variables.session.rick)... but you probably knew what I meant.. ;-) On Mon, Feb 27, 2012 at 3:39 PM, Steve Milburn wrote: > You will need an application.cfc (or .cfm) for session variables to work. > > In your example, your was actually stored > in the variables scope on that page as variables.session.rick, and not > actually in the session scope. That is why it was not available on the > other page. > > > On Mon, Feb 27, 2012 at 3:28 PM, Rick Faircloth wrote: > >> >> There's no application.cfc at this point...the only >> two pages involved are what's in this email. >> >> Is enabling session management in an application.cfc >> necessary for session management to work? >> >> As you can see below when I use: >> >> >> >> and then output that with: >> >> #session.name# >> >> I get 'rick'... >> >> But that's on the same page. >> >> Would that work but not session variables between pages >> with session management being enabled in application.cfc? >> >> Rick >> >> -Original Message- >> From: Steve Milburn [mailto:scmilb...@gmail.com] >> Sent: Monday, February 27, 2012 3:18 PM >> To: cf-talk >> Subject: Re: Session variables not working >> >> >> Have you enabled session management in the application.cfc? >> >> On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth >> wrote: >> >> > >> > It's been awhile since I used session variables, >> > but this is simple. Why won't this work? >> > >> > session-test.cfm >> > >> > >> > >> > >> > #session.name# >> > >> > >> > >> > >> > session-test-2.cfm >> > -- >> > >> > #session.name# >> > >> > >> > I get the error 'Element NAME is undefined in SESSION.' >> > >> > ??? >> > >> > Session variables are specified for use in CFADMIN. >> > Am I missing something REALLY simple or obvious? >> > >> > Rick >> > >> > >> > >> > >> >> >> >> ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350119 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
Correction on my previous post: The variable was stored in variables.session.name (not variables.session.rick)... but you probably knew what I meant.. ;-) On Mon, Feb 27, 2012 at 3:39 PM, Steve Milburn wrote: > You will need an application.cfc (or .cfm) for session variables to work. > > In your example, your was actually stored > in the variables scope on that page as variables.session.rick, and not > actually in the session scope. That is why it was not available on the > other page. > > > On Mon, Feb 27, 2012 at 3:28 PM, Rick Faircloth > wrote: > >> >> There's no application.cfc at this point...the only >> two pages involved are what's in this email. >> >> Is enabling session management in an application.cfc >> necessary for session management to work? >> >> As you can see below when I use: >> >> >> >> and then output that with: >> >> #session.name# >> >> I get 'rick'... >> >> But that's on the same page. >> >> Would that work but not session variables between pages >> with session management being enabled in application.cfc? >> >> Rick >> >> -Original Message- >> From: Steve Milburn [mailto:scmilb...@gmail.com] >> Sent: Monday, February 27, 2012 3:18 PM >> To: cf-talk >> Subject: Re: Session variables not working >> >> >> Have you enabled session management in the application.cfc? >> >> On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth >> wrote: >> >> > >> > It's been awhile since I used session variables, >> > but this is simple. Why won't this work? >> > >> > session-test.cfm >> > >> > >> > >> > >> > #session.name# >> > >> > >> > >> > >> > session-test-2.cfm >> > -- >> > >> > #session.name# >> > >> > >> > I get the error 'Element NAME is undefined in SESSION.' >> > >> > ??? >> > >> > Session variables are specified for use in CFADMIN. >> > Am I missing something REALLY simple or obvious? >> > >> > Rick >> > >> > >> > >> > >> >> >> >> ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350117 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
You will need an application.cfc (or .cfm) for session variables to work. In your example, your was actually stored in the variables scope on that page as variables.session.rick, and not actually in the session scope. That is why it was not available on the other page. On Mon, Feb 27, 2012 at 3:28 PM, Rick Faircloth wrote: > > There's no application.cfc at this point...the only > two pages involved are what's in this email. > > Is enabling session management in an application.cfc > necessary for session management to work? > > As you can see below when I use: > > > > and then output that with: > > #session.name# > > I get 'rick'... > > But that's on the same page. > > Would that work but not session variables between pages > with session management being enabled in application.cfc? > > Rick > > -Original Message- > From: Steve Milburn [mailto:scmilb...@gmail.com] > Sent: Monday, February 27, 2012 3:18 PM > To: cf-talk > Subject: Re: Session variables not working > > > Have you enabled session management in the application.cfc? > > On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth > wrote: > > > > > It's been awhile since I used session variables, > > but this is simple. Why won't this work? > > > > session-test.cfm > > > > > > > > > > #session.name# > > > > > > > > > > session-test-2.cfm > > -- > > > > #session.name# > > > > > > I get the error 'Element NAME is undefined in SESSION.' > > > > ??? > > > > Session variables are specified for use in CFADMIN. > > Am I missing something REALLY simple or obvious? > > > > Rick > > > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350116 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables not working
Well, after quickly throwing together an application.cfc, I can see that it is necessary. It attached the CFID and CFTOKEN to the URL. -Original Message- From: Rick Faircloth [mailto:r...@whitestonemedia.com] Sent: Monday, February 27, 2012 3:29 PM To: cf-talk Subject: RE: Session variables not working There's no application.cfc at this point...the only two pages involved are what's in this email. Is enabling session management in an application.cfc necessary for session management to work? As you can see below when I use: and then output that with: #session.name# I get 'rick'... But that's on the same page. Would that work but not session variables between pages with session management being enabled in application.cfc? Rick -Original Message- From: Steve Milburn [mailto:scmilb...@gmail.com] Sent: Monday, February 27, 2012 3:18 PM To: cf-talk Subject: Re: Session variables not working Have you enabled session management in the application.cfc? On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth wrote: > > It's been awhile since I used session variables, > but this is simple. Why won't this work? > > session-test.cfm > > > > > #session.name# > > > > > session-test-2.cfm > -- > > #session.name# > > > I get the error 'Element NAME is undefined in SESSION.' > > ??? > > Session variables are specified for use in CFADMIN. > Am I missing something REALLY simple or obvious? > > Rick > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350115 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
yes you must have an application.cfm/cfc in order to enable session variables. On Mon, Feb 27, 2012 at 8:28 PM, Rick Faircloth wrote: > > There's no application.cfc at this point...the only > two pages involved are what's in this email. > > Is enabling session management in an application.cfc > necessary for session management to work? > > As you can see below when I use: > > > > and then output that with: > > #session.name# > > I get 'rick'... > > But that's on the same page. > > Would that work but not session variables between pages > with session management being enabled in application.cfc? > > Rick > > -Original Message- > From: Steve Milburn [mailto:scmilb...@gmail.com] > Sent: Monday, February 27, 2012 3:18 PM > To: cf-talk > Subject: Re: Session variables not working > > > Have you enabled session management in the application.cfc? > > On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth > wrote: > > > > > It's been awhile since I used session variables, > > but this is simple. Why won't this work? > > > > session-test.cfm > > > > > > > > > > #session.name# > > > > > > > > > > session-test-2.cfm > > -- > > > > #session.name# > > > > > > I get the error 'Element NAME is undefined in SESSION.' > > > > ??? > > > > Session variables are specified for use in CFADMIN. > > Am I missing something REALLY simple or obvious? > > > > Rick > > > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350114 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables not working
There's no application.cfc at this point...the only two pages involved are what's in this email. Is enabling session management in an application.cfc necessary for session management to work? As you can see below when I use: and then output that with: #session.name# I get 'rick'... But that's on the same page. Would that work but not session variables between pages with session management being enabled in application.cfc? Rick -Original Message- From: Steve Milburn [mailto:scmilb...@gmail.com] Sent: Monday, February 27, 2012 3:18 PM To: cf-talk Subject: Re: Session variables not working Have you enabled session management in the application.cfc? On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth wrote: > > It's been awhile since I used session variables, > but this is simple. Why won't this work? > > session-test.cfm > > > > > #session.name# > > > > > session-test-2.cfm > -- > > #session.name# > > > I get the error 'Element NAME is undefined in SESSION.' > > ??? > > Session variables are specified for use in CFADMIN. > Am I missing something REALLY simple or obvious? > > Rick > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350112 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables not working
Have you enabled session management in the application.cfc? On Mon, Feb 27, 2012 at 3:14 PM, Rick Faircloth wrote: > > It's been awhile since I used session variables, > but this is simple. Why won't this work? > > session-test.cfm > > > > > #session.name# > > > > > session-test-2.cfm > -- > > #session.name# > > > I get the error 'Element NAME is undefined in SESSION.' > > ??? > > Session variables are specified for use in CFADMIN. > Am I missing something REALLY simple or obvious? > > Rick > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350110 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variables
+1 as Dave said. it seems what you really want is probably a "remember me" function that keeps users logged in, this will simply save a cookie with an encrypted copy of their username/password and log them in again when the session expires. If you specifically want to store the session data for 14 days, then just dump it in the database and load it whenever they login. -- Russ Michaels www.bluethunderinternet.com : Business hosting services & solutions www.cfmldeveloper.com : ColdFusion developer community www.michaels.me.uk : my blog www.cfsearch.com : ColdFusion search engine sky ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348213 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variables
> By default session variables have a maximum timeout period of 20 minutes. > You can manually specify a timeout of something less than that value, but > nothing more. If you want your sessions to timeout in 14 days, then you > have to change the maximum timeout values on your server to something >= 14 > days. This is almost certainly the right answer, but in addition - you should reconsider doing this in the first place. Session variables are not designed to be persisted for 14 days. There's a very good reason why they expire after 20 minutes of inactivity by default. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348212 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variables
Thanks guys! > sessionmanagement="yes" > sessiontimeout="#CreateTimeSpan(14,0,0,0)#"> > > My session expires in as little as 20 minutes, I dont understand why > so early when I set the timeout for 14 days. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348207 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variables
Rick, What is your applicationtimeout set to? If it's set to 20 minutes, it will clear your session cache as well (I think). Also, check your application and session timeout settings in CF Admin. HTH, Carl On 10/18/2011 10:32 AM, Rick T wrote: >sessionmanagement="yes" > sessiontimeout="#CreateTimeSpan(14,0,0,0)#"> > > My session expires in as little as 20 minutes, I dont understand why so early > when I set the timeout for 14 days. > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348204 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variables
What is the maximum time-out period defined for memory variables on your server? By default session variables have a maximum timeout period of 20 minutes. You can manually specify a timeout of something less than that value, but nothing more. If you want your sessions to timeout in 14 days, then you have to change the maximum timeout values on your server to something >= 14 days. Steve On Tue, Oct 18, 2011 at 1:32 PM, Rick T wrote: > > sessionmanagement="yes" > sessiontimeout="#CreateTimeSpan(14,0,0,0)#"> > > My session expires in as little as 20 minutes, I dont understand why so > early when I set the timeout for 14 days. > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348203 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables security
No I haven't used it, and I am in a closed environment where I don't need to worry about these things to much. However, I brought it up because some people find that it would cost them more to try to match the features, than to actually buy it. Regards, Andrew Scott http://www.andyscott.id.au/ > -Original Message- > From: Rob Voyle [mailto:robvo...@voyle.com] > Sent: Wednesday, 26 January 2011 5:09 PM > To: Andrew Scott; cf-talk@houseoffusion.com > Subject: Re: Session variables security > > Hi Andrew > > have you used this firewall or others that are out there? > I find I have a great hesitancy about proprietry add ons, as an old engineer I > like/d to work from first principles. I have had more problems and time > wasted from firewalls and antivirus programs than they are supposed to > prevent. > > Once I get a basic process established it is not much of a problem to add it to > the pages I am using. > > Rob > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341321 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables security
I am wondering if it would be cheaper for you to take a look at http://www.petefreitag.com/item/728.cfm it might cost you more trying to protect in time coding and maintenance. Regards, Andrew Scott http://www.andyscott.id.au/ > -Original Message- > From: Rob Voyle [mailto:robvo...@voyle.com] > Sent: Wednesday, 26 January 2011 11:53 AM > To: cf-talk > Subject: Re: Session variables security > > > Hi Folks > > I have several large forms connected to mySql tables. > I use has been validated for content that I need (no blank fields etc.) > > I created the following validation to check for scripts etc being injected. > > Is there anything else I should check for that would indicate someone was > hacking the page. > Thanks > > Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341241 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables security
Hi Folks I have several large forms connected to mySql tables. I use ]', checkVariables)> "" in one of the fields"> "> "> ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341240 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables security
OK thanks Ian >On 1/24/2011 8:57 AM, Richard White wrote: > >Only if there is a place in your code for them to do so. If you have a >vulnerable piece of code that can give unexpected and undesired results >because of malicious inputs form the client, then you have a problem. > >But it is not an insecurity in the session variables is is an insecurity >in your application and how it is setting those variables. There is no >way for a user to send random code at a CF server and have it do >anything to session variables unless it is happening somewhere in the >CFML codebase. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341134 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session variables security
On 1/24/2011 8:57 AM, Richard White wrote: > Hi, > > When the user logs in, I save their username to the session scope. > > Would i need to re-validate that username at the top of every page that uses > it in a database query? > > I previously thought this was not necessary but if it is possible for someone > to send malicious sql injection then surely it is also possible (even though > very unlikely) for someone to send code that changes the username stored in > the session to some malicious sql injection. > > thanks Only if there is a place in your code for them to do so. If you have a vulnerable piece of code that can give unexpected and undesired results because of malicious inputs form the client, then you have a problem. But it is not an insecurity in the session variables is is an insecurity in your application and how it is setting those variables. There is no way for a user to send random code at a CF server and have it do anything to session variables unless it is happening somewhere in the CFML codebase. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341133 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SESSION variables and cflock
Think iframes or Ajax calls or other types of situations where A User may be session-linked to more than one current thread / process. In those cases, if there is potential for simultaneous writes to a session var, then you could theoretically have a clash. If your app uses no Ajax and has no other embedded code blocks that might trigger concurrency within a session, then locking would not be needed, in theory. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:335984 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SESSION variables and cflock
> The book says you should act on SESSION variables within a cflock because of > potential collisions. But are my SESSION > variables not mine and inaccessible to anyone else? How could there be a > collision? The same browser can make multiple concurrent requests; they will all be in the same session. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:335980 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: session variables
> Session data in ColdFusion is tied to unique combinations of user, > browser and domain. And the http and https versions of your website > are > viewed as two different domains. This is due to the normal behavior > of > ColdFusion using cookies to pass the tokens that lets it know with > session data goes with what http requests. so how do I get rid of these variables? I did a page full of structDeletes and that didn't help. Do I need to restart the server? ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332098 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: session variables
On 3/22/2010 10:35 AM, daniel kessler wrote: > > Honestly, I'm not sure I'm understanding the problem and I am just trying to > work through it. > Session data in ColdFusion is tied to unique combinations of user, browser and domain. And the http and https versions of your website are viewed as two different domains. This is due to the normal behavior of ColdFusion using cookies to pass the tokens that lets it know with session data goes with what http requests. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332005 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: session variables
>From a session perspective, the session cookie (the browser side of the >session) for https://www.mysite.com is *not* shared with the session >cookie for http://www.mysite.com. It sounds like they then won't mess with each other. If I wanted to get rid of the https variables then I could just have a blank page with a structDelete in it, it would seem. Honestly, I'm not sure I'm understanding the problem and I am just trying to work through it. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331976 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: session variables
> I'm not setting cookies though, but session variables. That's what I get for responding to the list while on the phone, doh! -Justin ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331958 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: session variables
From a session perspective, the session cookie (the browser side of the session) for https://www.mysite.com is *not* shared with the session cookie for http://www.mysite.com. If crossing from one to the other, therefore, there are 2 options: 1) User has to log back in after the switch 2) The switch has to pass along the session code, for example: https://www.mysite.com/welcomeBack.cfm"; addtoken="Yes" /> You can add the session token manually (cookie.cftoken and cookie.cfid) but the addtoken attribute of cflocation will automate it for you, if you're using that tag. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331955 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: session variables
On 3/22/2010 8:55 AM, daniel kessler wrote: > >> Are you using the secure attribute when setting the cookies? >> > I don't know about a secure attribute. I'm not setting cookies though, but > session variables. > > CFML relies on two values CFID and CFTOKEN, or a single value JSESSIONID if configured that way in the Administrator, to know what client requests belong to what session state data. These values are usually passed as cookies. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331952 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: session variables
>Are you using the secure attribute when setting the cookies? I don't know about a secure attribute. I'm not setting cookies though, but session variables. > Is the SSL >domain the same as the non-SSL domain (i.e. secure.example.com vs. >www.example.com)? I'm just adding an "s" to http. In other words http://sph.umd.edu/home/index.cfm became https://sph.umd.edu/home/index.cfm And then I reverted the change back again to http://sph.umd.edu/home/index.cfm ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331950 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: session variables
> Since then, anyone that tried to log in when it was using > https is now having problems with their session variables > when logging now that it is using http. Are you using the secure attribute when setting the cookies? Is the SSL domain the same as the non-SSL domain (i.e. secure.example.com vs. www.example.com)? -Justin ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331949 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variables across servers
You're right, however I'm the "contractor" on an established team so I have zero say in this . -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Friday, May 09, 2008 3:20 AM To: CF-Talk Subject: Re: Session variables across servers Scott Stewart wrote: > I'm looking for different possibilities > it's a rig until they move the sites to the same server... You efforts are probably better spent speeding up the site move. Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304981 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables across servers
Scott Stewart wrote: > I'm looking for different possibilities > it's a rig until they move the sites to the same server... You efforts are probably better spent speeding up the site move. Jochem ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304969 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Session variables across servers
Thanks Dave, I'm looking for different possibilities it's a rig until they move the sites to the same server... sas -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 12:22 PM To: CF-Talk Subject: RE: Session variables across servers > We've got a weird temporary issue.. We have two websites, on > different servers under different domains. > They need one login for both sites. > > My understanding is that J2EE Session variables will persist > between servers/domains. If you're using cookies for your session tokens, they can't be shared across domains, whether you're using J2EE session management or not. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304903 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables across servers
> We've got a weird temporary issue.. We have two websites, on > different servers under different domains. > They need one login for both sites. > > My understanding is that J2EE Session variables will persist > between servers/domains. If you're using cookies for your session tokens, they can't be shared across domains, whether you're using J2EE session management or not. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304901 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables across servers
Ignore my last post brain fart...going on vacation on Sunday, brains not here -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 11:57 AM To: CF-Talk Subject: RE: Session variables across servers Session will persist between two domains if you have the same cfapplication on both sites and keep passing in the same cfid and cftoken values when going from one domain to another. Session replication between physical servers is another thing. You need to be running ColdFusion enterprise, and have your application deployed as an instance on both machines which are part of a single JRun cluster. At that point, there is a setting in CFAadmin for session replication. ~Brad -Original Message- From: Scott Stewart [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 10:41 AM To: CF-Talk Subject: Session variables across servers Hey all, We've got a weird temporary issue.. We have two websites, on different servers under different domains. They need one login for both sites. My understanding is that J2EE Session variables will persist between servers/domains. How do you implement this in ColdFusion? Thanks sas -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304895 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables across servers
Brad, Does this involve activating J2EE session vars Thanks sas -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 11:57 AM To: CF-Talk Subject: RE: Session variables across servers Session will persist between two domains if you have the same cfapplication on both sites and keep passing in the same cfid and cftoken values when going from one domain to another. Session replication between physical servers is another thing. You need to be running ColdFusion enterprise, and have your application deployed as an instance on both machines which are part of a single JRun cluster. At that point, there is a setting in CFAadmin for session replication. ~Brad -Original Message- From: Scott Stewart [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 10:41 AM To: CF-Talk Subject: Session variables across servers Hey all, We've got a weird temporary issue.. We have two websites, on different servers under different domains. They need one login for both sites. My understanding is that J2EE Session variables will persist between servers/domains. How do you implement this in ColdFusion? Thanks sas -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304894 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables across servers
Session will persist between two domains if you have the same cfapplication on both sites and keep passing in the same cfid and cftoken values when going from one domain to another. Session replication between physical servers is another thing. You need to be running ColdFusion enterprise, and have your application deployed as an instance on both machines which are part of a single JRun cluster. At that point, there is a setting in CFAadmin for session replication. ~Brad -Original Message- From: Scott Stewart [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 10:41 AM To: CF-Talk Subject: Session variables across servers Hey all, We've got a weird temporary issue.. We have two websites, on different servers under different domains. They need one login for both sites. My understanding is that J2EE Session variables will persist between servers/domains. How do you implement this in ColdFusion? Thanks sas -- Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304891 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables expireation issue
Ok, I found the cause: onSessionStart() #THIS.sessionTimeout # outputs 10. Which means 10 days since the createTimespan() function returns units of days (eg CreateTimespan(1,0,0,0)eq 1 and CreateTimespan(0,12,0,0) eq 0.5) onApplicationStart() THIS.sessiontimeout=CreateTimeSpan(0,0,0,10) #THIS.sessiontimeout# outputs 0.000115740740741 which equals 10 secs. Why the same variable (THIS.sessiontimeout) gives a different value in the onApplicationStart() and onSessionStart() handler is beyound me. If I cfdump the THIS scope in both handlers they are identical except for the value of sessiontimeout and applicationtimeout. Marc ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304693 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables expiration issue
> Just a basic question about session variables.I can't get > them to 100% work as I want. Maybe I don't understand so > that's when it's time to turn to the list :) I want to use > session variables that expire a) when the user closes the > browser OR b) when a session times out,whatever comes first. Like Bobby said, just enable J2EE session management in the CF Administrator. You don't have to use CFCOOKIE or anything else in that case. > For a) I do (all in Application.cfc): > ... > This makes that sessions expire when user closes browser. No, it doesn't. It ensures that the browser will be disconnected from the session, which has the same result for the user, but the session data will still be consuming memory on the server. That's good enough if your session timeout is short. If your session timeout isn't short, shorten it. There really isn't an effective way to expire the session data on the server when the user closes the browser, since the server doesn't know that the user closed the browser. All the server knows is when you last requested a page. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Training: Adobe/Google/Paperthin Certified Partners http://training.figleaf.com/ WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers! http://www.webmaniacsconference.com/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304689 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables expireation issue
Just use J2EE session variables within the CF administrator. ..:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com http://cf4em.com -Original Message- From: marc -- [mailto:[EMAIL PROTECTED] Sent: Friday, May 02, 2008 4:53 PM To: CF-Talk Subject: Session variables expireation issue Hello, Just a basic question about session variables.I can't get them to 100% work as I want. Maybe I don't understand so that's when it's time to turn to the list :) I want to use session variables that expire a) when the user closes the browser OR b) when a session times out,whatever comes first. For a) I do (all in Application.cfc): and This makes that sessions expire when user closes browser. For b) add the expires tag to CFCOOKIE with the value specified in THIS.sessiontimeout: if the user does a request _after_the specified timeout period, the CFID/CFTOKEN cookies are not valid anymore (expires has a datetime value that is in the past) so coldfusion will create new values for SESSION.CFID and SESSION.CFTOKEN and call onSessionStart. Setting 2 new cookies with new values for value and expires. To test this I added to the onRequest() function. It turned out that the values displayed in the dump did never change after a 2nd whether that request was within the timespan OR after. That's strange. I thought that if the 2nd request is after the timepout period new values for CFID/CFTOKEn are generated. Am I wrong? And if so, is it possible what I want? Marc ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304688 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables and cookies
I think what many people need to understand is this: The web is state-less. There is nothing in the internet at large that is meant to follow you from page to page, and maintain if you are logged in or not. Anything you do to build a shopping cart, log a user in, is in essence somewhat of a hack. There isn't a magic wand for making all cases work at once. Sure, the majority of your users will have cookies enabled. You will need to write code to check for the existence of a cookie, and if its not there stick a CFTOKEN into the URL. Sessions are really a mash-up of ways to try and make the user state persist from request to request, but I don't think there is a way to accommodate 100% of users session states. The best bet would be to write your application in such a way as to provide, perhaps, a limited subset of functions without a session. And maybe gently ask the user to upgrade or enable cookies if they want to use the site to its fullest =) Just my $.02 Chris Peterson -Original Message- From: Curt Schryver [mailto:[EMAIL PROTECTED] Sent: Thursday, May 24, 2007 2:57 PM To: CF-Talk Subject: Session variables and cookies Okay, I've searched the archives but want to get it straight. I've built a shopping cart using session variables. But, it looks like if a user has cookies turned off, the cart won't retain the contents. Is this correct? I've also read about using URLSessionFormat, but seen some posting that it can mess things up if cookies are enabled. Can anyone give a quick overview of best practices when using session variables? Thanks a lot! Curt ~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279139 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables and cookies
You will need to pass the cfid/token with every request if cookies are expected to be off. "This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -Original Message- From: Curt Schryver To: CF-Talk Sent: Thu May 24 19:57:28 2007 Subject: Session variables and cookies Okay, I've searched the archives but want to get it straight. I've built a shopping cart using session variables. But, it looks like if a user has cookies turned off, the cart won't retain the contents. Is this correct? I've also read about using URLSessionFormat, but seen some posting that it can mess things up if cookies are enabled. Can anyone give a quick overview of best practices when using session variables? Thanks a lot! Curt ~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279138 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables and cookies
> Okay, I've searched the archives but want to get it straight. I've built a > shopping cart using session variables. But, it looks like if a user has > cookies turned off, the cart won't retain the contents. Is this correct? Yes, if you are not passing the CFID and CFTOKEN with a request, and they have cookies turned off, there is nothing that tells the server who is accessing the application, so the session will be dropped. > I've also read about using URLSessionFormat, but seen some posting that it > can mess things up if cookies are enabled. The way it's supposed to work is that if a user has cookies turned off, the CFID/CFTOKEN will be appended to the url; if they do have cookies enabled, the CFID/CFTOKEN won't be appended. So, it shouldn't mess anything up - in fact it's designed to address the issue you're dealing with. > Can anyone give a quick overview of best practices when using session > variables? You'll probably want to consult the Livedocs or a good CF book like CFWACK for the best overview. -- Josh - Original Message - From: "Curt Schryver" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Thursday, May 24, 2007 11:57 AM Subject: Session variables and cookies > > I've also read about using URLSessionFormat, but seen some posting that it > can mess things up if cookies are enabled. > > Can anyone give a quick overview of best practices when using session > variables? > > Thanks a lot! > Curt > > ~| Create Web Applications With ColdFusion MX7 & Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279137 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables
And if you are in doubt, just wrap every url in your app with the URLSessionFormat() function (if you are on CF7) and that will automatically do the job if cookies are off and leave the URL alone if they are on. On 12/14/06, Dave Watts <[EMAIL PROTECTED]> wrote: > > Just a quick question. When is it necessary to pass the > > session information for a user in the URL as that user > > navigates a site? If I remember correctly, some of this > > depends on whether cookies are enabled on the browser and > > whether J2EE session variables are enabled. Can anyone give > > me a quick primer on this or point me in the right direction? > > If you cannot rely on cookies to ensure that every request contains a > session token, you must ensure that the session token is passed some other > way for every request, whether that request is triggered by a link, a form > submission, or a client- or server-side redirect. > > This doesn't have anything to do with J2EE sessions vs CF sessions. However, > J2EE session cookies are nonpersistent by default, so they are more likely > to be accepted by browsers. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264030 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Session variables
> Just a quick question. When is it necessary to pass the > session information for a user in the URL as that user > navigates a site? If I remember correctly, some of this > depends on whether cookies are enabled on the browser and > whether J2EE session variables are enabled. Can anyone give > me a quick primer on this or point me in the right direction? If you cannot rely on cookies to ensure that every request contains a session token, you must ensure that the session token is passed some other way for every request, whether that request is triggered by a link, a form submission, or a client- or server-side redirect. This doesn't have anything to do with J2EE sessions vs CF sessions. However, J2EE session cookies are nonpersistent by default, so they are more likely to be accepted by browsers. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263948 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
i have taken the application.cfc out of the default folder and put it into the parent directory but now all of my pages are coming up blank. unless it is in the _mmServerScripts folder nothing works. is there a reason for this ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254154 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
On 9/25/06, Ian Skinner <[EMAIL PROTECTED]> wrote: > (honestly, i'm new to Application.cfc, so i'm not sure if the including is a > generally accepted good practice...might be better to just move the > Application.cfc up one level so both directories can access it) > > Actually with Application.cfc, extending the CFC is usually a better way, > then trying to include one in the other. > > With Applciation.cfm files, including other application.cfm files is not > uncommon. thanks Ian. that makes perfect sense. as you can see, i'm still making the transition from the .cfm to the .cfc way of thinking :) appreciate the heads-up. -- Charlie Griefer "...All the world shall be your enemy, Prince with a Thousand Enemies, and whenever they catch you, they will kill you. But first they must catch you, digger, listener, runner, prince with a swift warning. Be cunning and full of tricks and your people shall never be destroyed." ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254145 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
thanks for everyones help, its made it very understandable! ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254144 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
i see thanks for all your help :) ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254143 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Session variables problem
(honestly, i'm new to Application.cfc, so i'm not sure if the including is a generally accepted good practice...might be better to just move the Application.cfc up one level so both directories can access it) Actually with Application.cfc, extending the CFC is usually a better way, then trying to include one in the other. With Applciation.cfm files, including other application.cfm files is not uncommon. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA - | 1 | | - Binary Soduko | | | - "C code. C code run. Run code run. Please!" - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254140 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
Well, you don't really use the cfapplication tag in application.cfc. You use the "this" scope before the first cffunction to set the application wide values. There is a good quick reference from Ray Camden on application.cfc that can help you choose to stay with application.cfm or use the application.cfc. http://ray.camdenfamily.com/downloads/app.pdf Teddy On 9/25/06, Ian Skinner <[EMAIL PROTECTED]> wrote: > > In an application.cfm or application.cfc file so that it is automatically > included at the top of every page in the same directory and its > sub-directories. > > > > > -- > Ian Skinner > Web Programmer > BloodSource > www.BloodSource.org > Sacramento, CA > > - > | 1 | | > - Binary Soduko > | | | > - > > "C code. C code run. Run code run. Please!" > - Cynthia Dunning > > Confidentiality Notice: This message including any > attachments is for the sole use of the intended > recipient(s) and may contain confidential and privileged > information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the > intended recipient, please contact the sender and > delete any copies of this message. > > > > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254139 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > >sounds like sessions aren't enabled. > > > >the 'action' page that errors out...it's within the same directory (or > >subdirectory) of the Application.cfc that's enabling the session > >management? > > > >On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > > > oh i see, i have just put the tag at the top of the action > page and it now works fine. where is the best place to put the cfapplication > tag? best place would be your Application.cfc. but you need to understand how Application.cfc (and Application.cfm) work. any coldfusion template looks in its own directory for Application.cfc. if it doesn't find one, it looks up one directory level. it keeps doing this until either it finds an Application.cfc (at which point it uses that file and stops looking) or reaches the root folder (at which point it simply stops looking and no Application.cfc is used). if your Application.cfc is in a directory that's at the same level as the template that you're running...that template won't have access to that Application.cfc. Not without creating an Application.cfc in the same directory and including the Application.cfc in the sibling directory (honestly, i'm new to Application.cfc, so i'm not sure if the including is a generally accepted good practice...might be better to just move the Application.cfc up one level so both directories can access it). -- Charlie Griefer "...All the world shall be your enemy, Prince with a Thousand Enemies, and whenever they catch you, they will kill you. But first they must catch you, digger, listener, runner, prince with a swift warning. Be cunning and full of tricks and your people shall never be destroyed." ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254137 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Session variables problem
In an application.cfm or application.cfc file so that it is automatically included at the top of every page in the same directory and its sub-directories. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA - | 1 | | - Binary Soduko | | | - "C code. C code run. Run code run. Please!" - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254134 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
tag is typically stored in the application.cfm file. Though if you are using CF MX, application.cfc is recommended more as it provides more features, organization and better event based code use. Teddy On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > >sounds like sessions aren't enabled. > > > >the 'action' page that errors out...it's within the same directory (or > >subdirectory) of the Application.cfc that's enabling the session > >management? > > > >On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > > > oh i see, i have just put the tag at the top of the action > page and it now works fine. where is the best place to put the cfapplication > tag? > > thanks > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254136 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
> >sounds like sessions aren't enabled. > > > >the 'action' page that errors out...it's within the same directory > (or > >subdirectory) of the Application.cfc that's enabling the session > >management? > > > >On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > > > oh i see, i have just put the tag at the top of the > action page and it now works fine. where is the best place to put the > cfapplication tag? > thanks i have found that the only way i can get it to display the session.student.name is if i place the at the top of both themain page and the action page, is that right? thanks for your replies sandra and teddy,im not using the cflocation tag yet :) and calling the second page by a form submit button ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254135 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
This sounds like the culprit. In order to use a certain session with a certain application name, the application.cfm or application.cfc needs to be ina parent folder or in the same folder. Example Assume foo.cfm is calling a session variable. \application.cfc \folder1\foo.cfm This would work. \folder1\application.cfc \foo.cfm This would not. Makes sense? Teddy On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > >sounds like sessions aren't enabled. > > > >the 'action' page that errors out...it's within the same directory (or > >subdirectory) of the Application.cfc that's enabling the session > >management? > > > > well in the root folder there is a default folder called _mmServerScripts, > this is where the application.cfc is stored. my files are not stored in > that folder, but stored in a seperate folder but on the same level as the > _mmServerScripts. could this be the problem? > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254133 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
>sounds like sessions aren't enabled. > >the 'action' page that errors out...it's within the same directory (or >subdirectory) of the Application.cfc that's enabling the session >management? > >On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > oh i see, i have just put the tag at the top of the action page and it now works fine. where is the best place to put the cfapplication tag? thanks ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254130 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
>sounds like sessions aren't enabled. > >the 'action' page that errors out...it's within the same directory (or >subdirectory) of the Application.cfc that's enabling the session >management? > well in the root folder there is a default folder called _mmServerScripts, this is where the application.cfc is stored. my files are not stored in that folder, but stored in a seperate folder but on the same level as the _mmServerScripts. could this be the problem? ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254129 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
How are you calling the second page from the main page? cflocation? Teddy On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > >what do you see if you do a ? > > if i do this in the action page it says variable session is undefined. > > i have actually changed it as you said in the main page and created the > structure straight in the session variable. I am the session.student.namefine > in the main page but it is not working in the calling page > > thanks > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254128 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Session variables problem
Are you perhaps doing a cflocation after setting the session? If so, there is a know bug that I don't think ever got resolved that precludes you from doing that. Try setting the session on a page without the cflocation and see if that works Sandra Clark == http://www.shayna.com Training in Cascading Style Sheets and Accessibility -Original Message- From: Richard White [mailto:[EMAIL PROTECTED] Sent: Monday, September 25, 2006 3:46 PM To: CF-Talk Subject: Re: Session variables problem >what do you see if you do a ? if i do this in the action page it says variable session is undefined. i have actually changed it as you said in the main page and created the structure straight in the session variable. I am the session.student.name fine in the main page but it is not working in the action page thanks ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254127 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
>Are session variables enabled from the CF administrator? > >Teddy > >On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: >> thanks, yes they are enabled in the cf admin and in the cfapplication tag in the application.cfc ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254126 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
sounds like sessions aren't enabled. the 'action' page that errors out...it's within the same directory (or subdirectory) of the Application.cfc that's enabling the session management? On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > >what do you see if you do a ? > > if i do this in the action page it says variable session is undefined. > > i have actually changed it as you said in the main page and created the > structure straight in the session variable. I am the session.student.name > fine in the main page but it is not working in the calling page > > thanks > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254125 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
Are session variables enabled from the CF administrator? Teddy On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > > >1) is session management enabled in a tag? > >2) that's some ugly naming conventions right there. too many > >variables with the same name. > >3) why not just create the struct in the session? > > > > > > session.student = structNew(); > > session.student.name = "Fred"; > > > > lol, very goodpoint, thank you, i will change that. > > yes i have enabled the session variables in the cf admin and the > application.cfc but still not recognising even if i try the following in > the action page: > > #session.student.name# > > it still says session is undefined > > thanks > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254124 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
>what do you see if you do a ? if i do this in the action page it says variable session is undefined. i have actually changed it as you said in the main page and created the structure straight in the session variable. I am the session.student.name fine in the main page but it is not working in the action page thanks ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254123 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
>what do you see if you do a ? if i do this in the action page it says variable session is undefined. i have actually changed it as you said in the main page and created the structure straight in the session variable. I am the session.student.name fine in the main page but it is not working in the calling page thanks ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254122 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
what do you see if you do a ? On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > >1) is session management enabled in a tag? > >2) that's some ugly naming conventions right there. too many > >variables with the same name. > >3) why not just create the struct in the session? > > > > > > session.student = structNew(); > > session.student.name = "Fred"; > > > > lol, very goodpoint, thank you, i will change that. > > yes i have enabled the session variables in the cf admin and the > application.cfc but still not recognising even if i try the following in the > action page: > > #session.student.name# > > it still says session is undefined > > thanks > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254121 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Session variables problem
>1) is session management enabled in a tag? >2) that's some ugly naming conventions right there. too many >variables with the same name. >3) why not just create the struct in the session? > > > session.student = structNew(); > session.student.name = "Fred"; > lol, very goodpoint, thank you, i will change that. yes i have enabled the session variables in the cf admin and the application.cfc but still not recognising even if i try the following in the action page: #session.student.name# it still says session is undefined thanks ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254120 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session variables problem
1) is session management enabled in a tag? 2) that's some ugly naming conventions right there. too many variables with the same name. 3) why not just create the struct in the session? session.student = structNew(); session.student.name = "Fred"; 4) if you do plan on copying a local variable structure into another scope (e.g. session), be aware that structs are copied by reference. if you want a deep copy, you'll want the duplicate() function. e.g. variables.student = structNew(); session.student = duplicate(varibles.student); On 9/25/06, Richard White <[EMAIL PROTECTED]> wrote: > I am having trouble with the session variables. I know there must be a simple > solution but this is the first time i have used them and not sure what i am > doing wrong. > > I am trying to assign a structure to the session variable in one page and > then use that session structure in the forms action page. > > In the first page i am trying to assign it as as follows: > > > student = StructNew(); > student.name = "Fred" > session.student = student; > > > then in the action page i am trying to call it as follows: > > > not found > > found > > > it is telling me that the session variable is undefined > > thanks for any help > > ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254118 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Session Variables lost when moving from http to https - Please help!
> Is there a way to display the image without have to copy the image > directory to the "secure" folder? I you can get an https:// connection to the /content/images/ folder then you can do this without copying I would think. Use full urls in your image calls instead of relative. Set the value of the full url to a variable so your code stays portable. https://foo.com/bar/";> HtH, [EMAIL PROTECTED] MSB Web Systems http://mysecretbase.com ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242705 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Great! that worked. The file order.cfm has few tags as well. The images are stored in the "content/images" folder. I changed the src to the following: But the image was not displayed on the site because the folder "content/images" does not exist under the "secure" folder which the secure site points to. I viewed the broken image properties the address displayed was this: https://www.secureweb.co.uk/content/images/order.gif "content/images" folder does not exist in the "secure" folder. This is the broken image property address I see when I remove the "../content/ from the tag https://www.secureweb.co.uk/testsite/images/order.gif Is there a way to display the image without have to copy the image directory to the "secure" folder? Thanks ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242557 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Application.cfm in the root of the secure directory should be able to do this: cf coder wrote: > Thank you Matt for the detailed explaination. I went back to review the code > yesterday and here is what I found. > > The regular domain webroot is "C:\inetpub\wwwroot\web\content" folder. There > is an application.cfm file in this folder and a tag. When the > site is opened in a browser the application/session variables are set, ex: > http://www.testsite.com/index.cfm > > The view basket cfm page is in the content folder > (C:\inetpub\wwwroot\web\content) under the webroot. The template that gets > called when the user hits href="https://www.secureweb.co.uk/testsite/order.cfm?CFID=3107295&CFTOKEN=20059956";>Proceed > "PROCEED" from viewbasket.cfm is in a folder under the webroot called secure > (C:\inetpub\wwwroot\web\secure\order.cfm). > > I noticed yesterday that the application.cfm file was not present in the > "secure" folder. I copied it over from the "content" folder. There is a > tag in application.cfm that calls a template in the content > folder . I'm getting a file not > found error message and that's because the secure site does not have a folder > called "content". Is there a way round this, i.e by adding a virtual > directory in IIS or ColdFusion mapping? > > My hosting provider has provided with a readme.txt file with instructions: > > > WEB > --- > > This directory is the location for files connected with your web site and > contains the following directories. > > CONTENT > SECURE * (Platinum Plus customers only) > > CONTENT > --- > > This is the directory that you should upload your web site files to. Inside > this directory is a file named default.asp which is a placeholder for your > web site. > > If you are creating code that requires the physical path on the web server to > this directory then it will be as follows: > > d:\inetpub\DOMAINNAME\web\ > > Replace the word domain name with your primary web site domain. For example, > if the site you have signed up for is named www.mysite.com then the path > would be d:\inetpub\mysite.com\web\ > > The CONTENT directory also contains a further directory named CGI-BIN which > should be used as the location for Perl and cgi files. > > By default the file extension recognised on this server for Perl and cgi > files is .pl > > SECURE (Platinum Plus customers only) > - > > Under the Platinum Plus package you have access to our shared secure server. > > The directory SECURE is the directory to which you should upload files that > should appear under the secure site. > > > I would really appreciate your help. > > Thanks, > cfcoder > > ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242554 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Thank you Matt for the detailed explaination. I went back to review the code yesterday and here is what I found. The regular domain webroot is "C:\inetpub\wwwroot\web\content" folder. There is an application.cfm file in this folder and a tag. When the site is opened in a browser the application/session variables are set, ex: http://www.testsite.com/index.cfm The view basket cfm page is in the content folder (C:\inetpub\wwwroot\web\content) under the webroot. The template that gets called when the user hits https://www.secureweb.co.uk/testsite/order.cfm?CFID=3107295&CFTOKEN=20059956";>Proceed "PROCEED" from viewbasket.cfm is in a folder under the webroot called secure (C:\inetpub\wwwroot\web\secure\order.cfm). I noticed yesterday that the application.cfm file was not present in the "secure" folder. I copied it over from the "content" folder. There is a tag in application.cfm that calls a template in the content folder . I'm getting a file not found error message and that's because the secure site does not have a folder called "content". Is there a way round this, i.e by adding a virtual directory in IIS or ColdFusion mapping? My hosting provider has provided with a readme.txt file with instructions: WEB --- This directory is the location for files connected with your web site and contains the following directories. CONTENT SECURE * (Platinum Plus customers only) CONTENT --- This is the directory that you should upload your web site files to. Inside this directory is a file named default.asp which is a placeholder for your web site. If you are creating code that requires the physical path on the web server to this directory then it will be as follows: d:\inetpub\DOMAINNAME\web\ Replace the word domain name with your primary web site domain. For example, if the site you have signed up for is named www.mysite.com then the path would be d:\inetpub\mysite.com\web\ The CONTENT directory also contains a further directory named CGI-BIN which should be used as the location for Perl and cgi files. By default the file extension recognised on this server for Perl and cgi files is .pl SECURE (Platinum Plus customers only) - Under the Platinum Plus package you have access to our shared secure server. The directory SECURE is the directory to which you should upload files that should appear under the secure site. I would really appreciate your help. Thanks, cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242553 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
>Just carry it over with the >urltoken var to be sure. Yikes. I wouldn't recommend that for security reasons. You shouldn't need to make the application name a variable under most circumstances. How often does something like that change? Best to hardcode it and make it something that isn't likely to be guessed. [EMAIL PROTECTED] Janitor, MSB Web Systems http://mysecretbase.com ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242336 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Variables lost when moving from http to https - Please help!
The cfapplication name in the application.cfm must be the same (presuming the secure ssl area is on the same server). Just carry it over with the urltoken var to be sure. I use urltoken on every post / url just in case users don't have cookies on. i.e. Warmest Regards, Phillip B. Holmes http://phillipholmes.com -Original Message- From: cf coder [mailto:[EMAIL PROTECTED] Sent: Sunday, June 04, 2006 12:30 PM To: CF-Talk Subject: Re: Session Variables lost when moving from http to https - Please help! I added a cfdump tag to dump the server and application strucutre and saw the server dump but got an error for outputting the application dump: I'll have to contact the hosting provider to see what's going on. It is not making sense. I've probably got to undestand how the website is set up and get some answers from the hosting provider. Thank you all for your help - cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242321 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
cf_coder wrote: > I added a cfdump tag to dump the server and application strucutre and > saw the server dump but got an error for outputting the application > dump I think if there's no application scope then that means you are running code without a cfapplication statement. That would mean, off the top of my head, that the application, session and client scopes wouldn't exist. HtH, [EMAIL PROTECTED] Janitor, MSB Web Systems http://mysecretbase.com ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242320 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
ColdFusion wrote:
>I thought the session variables are applied to the application
>Which is mapped to the url of http://www.mysite.com
>
>Since https is a different protocol, I did not think you could in theory
>share those variables.
No thats not correct. The session variables are mapped to an application which
has a specific name, where that name is set with a cfapplication tag, typically
in /Application.cfm. This is a server side operation. The protocol you use to
reach the domain is client side and doesn't have anything to do with the
picture with respect to the application, its identity, the session vars
belonging to users within it etc.
Its the domain you have to match up to. If you look at the client side cookie
file (which contains the CFID and CFTOKEN that CF uses to maintain state) its
named 'www.domain.com' or 'domain.com' and contains nothing inside to indicate
any sort of specific protocol. You get one cookie file per domain. Cross
domains and you get a different CFID and CFTOKEN.
So by telling CF what the desired CFID and CFTOKEN is when the user crosses
into secureland (via the query string; and you only need to do it once) either
CF will match up the other scopes (client, cookie, session) for you or you need
to do it yourself -- I forget which at the moment to be honest. If CF doesn't
do it then something like this in /Application.cfm would be in order:
if (isdefined ("url.CFID")) {
if (CompareNoCase(client.CFID,url.CFID)) {
client.CFID=url.CFID;
client.CFTOKEN=url.CFTOKEN;
cookie.CFID=url.CFID;
cookie.CFTOKEN=url.CFTOKEN;
}
}
I pulled the above from some old code. Again it may not be even necessary.
Where cf_coder is probably running into trouble is there is probably an
Application.cfm in the mix somewhere on the secure side that is controlling the
show and contradicting what s/he wants to do. If you can't even dump the
session scope, then I would take that to mean there is a cfapplication tag
somewhere that is denying session management. As a general rule, both client
and session management must be enabled unless you want to do a lot of extra
work, which I bet you don't.
1. Find that tag. Search for the string "cfapplication" throughout the code
and that will bring up all potential sources of trouble.
2. Correct the discrepancy in cfapplication settings.
3. Make sure the affected cfapplication statements have the same application
name. Without that you will have separate sessions no matter what other hoops
you jump thru.
~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242319
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
I added a cfdump tag to dump the server and application strucutre and saw the server dump but got an error for outputting the application dump: I'll have to contact the hosting provider to see what's going on. It is not making sense. I've probably got to undestand how the website is set up and get some answers from the hosting provider. Thank you all for your help - cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242317 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Variables lost when moving from http to https - Please help!
-Original Message- From: cf coder [mailto:[EMAIL PROTECTED] Sent: 04 June 2006 15:24 To: CF-Talk Subject: Re: Session Variables lost when moving from http to https - Please help! Is there a ColdFusion I can use on the https site to return the server settings i.e webserver version, application name, etc etc. ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242315 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
I do secure logins on non-secure sites using a single SSl cert, by passing the URLTOKEN in the URL, and all works well. As long as the session ids are available in the URL, it should work whether it's http or https. On 6/4/06, Coldfusion <[EMAIL PROTECTED]> wrote: > Correct me if I am wrong but I thought the session variables are applied to > the application > Which is mapped to the url of http://www.mysite.com > > Since https is a different protocol, I did not think you could in theory > share those variables. > > What I did was shared the DSN and such. Passed a URL variable to the secured > site such as the > Basket ID and then pulled the data on the secured site and handled it > accordingly. > > Everything was pulled from the DB and not in a session scope. > > > -Original Message- > From: James Holmes [mailto:[EMAIL PROTECTED] > Sent: Sunday, June 04, 2006 9:40 AM > To: CF-Talk > Subject: Re: Session Variables lost when moving from http to https - Please > help! > > If the session isn't available on that form post URL, using the same > application name, something strange is going on. It's definitely the same > physical server? > > On 6/4/06, cf coder <[EMAIL PROTECTED]> wrote: > > On viewbasket.cfm (wwwroot\order\viewbasket.cfm) I added the following > code: > > > > > action="https://securesite/proceedToSecuresite.cfm?#session.URLToken#"; > > method="post"> > border="0"> > > > > I didn't include it in every single page. I thought I'll first test if > this works. > > -- > CFAJAX docs and other useful articles: > http://jr-holmes.coldfusionjournal.com/ > > > > ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242314 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Is there a ColdFusion I can use on the https site to return the server settings i.e webserver version, application name, etc etc. ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242312 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Yes its definately the same physical server. I have no clue as to why the session, application, server, form, request scope variables are not available on the https domain. ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242311 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Variables lost when moving from http to https - Please help!
Correct me if I am wrong but I thought the session variables are applied to the application Which is mapped to the url of http://www.mysite.com Since https is a different protocol, I did not think you could in theory share those variables. What I did was shared the DSN and such. Passed a URL variable to the secured site such as the Basket ID and then pulled the data on the secured site and handled it accordingly. Everything was pulled from the DB and not in a session scope. -Original Message- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Sunday, June 04, 2006 9:40 AM To: CF-Talk Subject: Re: Session Variables lost when moving from http to https - Please help! If the session isn't available on that form post URL, using the same application name, something strange is going on. It's definitely the same physical server? On 6/4/06, cf coder <[EMAIL PROTECTED]> wrote: > On viewbasket.cfm (wwwroot\order\viewbasket.cfm) I added the following code: > > action="https://securesite/proceedToSecuresite.cfm?#session.URLToken#"; > method="post"> border="0"> > > I didn't include it in every single page. I thought I'll first test if this works. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242309 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
If the session isn't available on that form post URL, using the same application name, something strange is going on. It's definitely the same physical server? On 6/4/06, cf coder <[EMAIL PROTECTED]> wrote: > On viewbasket.cfm (wwwroot\order\viewbasket.cfm) I added the following code: > > action="https://securesite/proceedToSecuresite.cfm?#session.URLToken#"; > method="post"> > > I didn't include it in every single page. I thought I'll first test if this > works. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242307 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
On viewbasket.cfm (wwwroot\order\viewbasket.cfm) I added the following code: https://securesite/proceedToSecuresite.cfm?#session.URLToken#"; method="post"> I didn't include it in every single page. I thought I'll first test if this works. ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242306 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Did you pass the token in every URL on the secure site? On 6/4/06, cf coder <[EMAIL PROTECTED]> wrote: > I tried that. I passed #session.URLToken# in the url query string but I still > got an error when I tried to dump the session scope variable, var="#session#"> > > Any ideas? > > PS: The main site domain and the secure site doamin names are not the same > although the codebase is the same. > > wwwroot\order\viewbasket.cfm (http) > wwwroot\secure\proceedToSecuresite.cfm (https) > > Thanks > - cfcoder > > ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242305 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
I tried that. I passed #session.URLToken# in the url query string but I still got an error when I tried to dump the session scope variable, Any ideas? PS: The main site domain and the secure site doamin names are not the same although the codebase is the same. wwwroot\order\viewbasket.cfm (http) wwwroot\secure\proceedToSecuresite.cfm (https) Thanks - cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242304 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
No, you pass the SESSION.URLTOKEN in the URL, not the data. As long as you are staying on the same machine, the session will then persist across domains. On 6/4/06, cf coder <[EMAIL PROTECTED]> wrote: > Hello Will, I am storing query objects in request and session variables. I > can't send this info over the url query. The https link links to a different > domain because my site is hosted by a company that provides the access to > shared secure server. > > I understand the point made by someone earlier that the sessions are > associated with a single domain/server and there isn't a simple solution to > maintaining the sessions over multiple domains. I'm just not convinced that > the only way to keep the sessions over multiple domains is to pass the data > in url querystring or store the data in a temp table. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242298 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Josh, its not just the request scope variables that are undefined, I tried dumping the application and session scope variables but got the same undefined error message. -cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242297 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Hello Will, I am storing query objects in request and session variables. I can't send this info over the url query. The https link links to a different domain because my site is hosted by a company that provides the access to shared secure server. I understand the point made by someone earlier that the sessions are associated with a single domain/server and there isn't a simple solution to maintaining the sessions over multiple domains. I'm just not convinced that the only way to keep the sessions over multiple domains is to pass the data in url querystring or store the data in a temp table. -cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242296 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
> You can fudge a fix by sending the key pair over in the url query > string on the link that crosses from non secure to secure. You'll > need to do the same thing on the way back when they cross back over to > normal from secure. > > This is what I do and it works well. Will ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242193 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
thank you all for your help and advise. I'll take a butchers at it tomorrow as it is pretty late in the night here in the UK. Cheers, cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242175 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Hmmm...I have an application where I set the session variables in http and then cflocation over to https and it works fine, as long as the domain is the same, http://www.yourdomain.com and https://www.yourdomain.com. I think the problem may lie elsewhere -- make sure your application has the same name (in the cfapplication tag) on both http and https sides. Also, you say you get "Element not defined in Request" - Request scope is only good for the requested page; that scope won't hold variables across requests, so sounds like you might be confusing session scope with request scope. You'll probably want to store your cart variables in the session scope rather than request scope, or better yet in a tempBasket table. -- Josh - Original Message - From: "Sandra Clark" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Friday, June 02, 2006 3:35 PM Subject: RE: Session Variables lost when moving from http to https - Please help! > You go into a different session from http to https. Best solution is > store > the information in a temporary table in the database, send the id over the > url and then retrieve from the database on the other side. > > > Sandra Clark > == > http://www.shayna.com > Training in Cascading Style Sheets and Accessibility > -Original Message- > From: cf coder [mailto:[EMAIL PROTECTED] > Sent: Friday, June 02, 2006 6:18 PM > To: CF-Talk > Subject: Session Variables lost when moving from http to https - Please > help! > > Hello Everybody, > > I need your help solving this problem. Any help will be much appreciated. > I > am working on a a shopping cart page that stores the items ordered in a > request scope variable. The usual stuff i.e you add an item to a basket > and > view your basket where you check the total price and postage options. > > The "proceed" button on this page sends the user to a secure site (https). > The problem I'm having is once I go from http to https, the session will > disappears and I get a Element is undefined in REQUEST error. I also get > an > error when I try to dump the application and session scope variables. > > Can anybody tell me how to fix this problem? I have run out of ideas. > > Best regards, > cfcoder > > > > ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242174 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Variables lost when moving from http to https - Please help!
I'm confused... why would https make you have a different session? Sessions are based on cookies after all (cfid and cftoken). The cookies should be getting set on a per domain basis, so if you're using the same domain for http and https, and it's hitting the same cf server, there shouldn't be a problem... If you are for some weird reason having problems, perhaps you can pass the cfid and cftoken as hidden fields on your form, that might help you keep the session. Russ > -Original Message- > From: Sandra Clark [mailto:[EMAIL PROTECTED] > Sent: Friday, June 02, 2006 6:35 PM > To: CF-Talk > Subject: RE: Session Variables lost when moving from http to https - > Please help! > > You go into a different session from http to https. Best solution is > store > the information in a temporary table in the database, send the id over the > url and then retrieve from the database on the other side. > > > Sandra Clark > == > http://www.shayna.com > Training in Cascading Style Sheets and Accessibility > -Original Message- > From: cf coder [mailto:[EMAIL PROTECTED] > Sent: Friday, June 02, 2006 6:18 PM > To: CF-Talk > Subject: Session Variables lost when moving from http to https - Please > help! > > Hello Everybody, > > I need your help solving this problem. Any help will be much appreciated. > I > am working on a a shopping cart page that stores the items ordered in a > request scope variable. The usual stuff i.e you add an item to a basket > and > view your basket where you check the total price and postage options. > > The "proceed" button on this page sends the user to a secure site (https). > The problem I'm having is once I go from http to https, the session will > disappears and I get a Element is undefined in REQUEST error. I also get > an > error when I try to dump the application and session scope variables. > > Can anybody tell me how to fix this problem? I have run out of ideas. > > Best regards, > cfcoder > > > > ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242173 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
Thanks for your reply Sandra... is this the only solution? I thought there must be a way to pass the variables to the https site. I have atleast 20 session and application varibables. Are you suggesting I store this information in a temp table in the database in for ex wddx format and retreive it at the other end. That is a hell of an inconvenience. There has got to be a way to retreive the session information when moving from http to https. I wish I knew how this could be done. The view basket page is in a folder under the webroot called orders (mysite/orders) and the page that gets called when the user hits "proceed" is in a folder under the webroot called secure (mysite/secure). Your help is much appreciated. Thanks, cfcoder >You go into a different session from http to https. Best solution is store >the information in a temporary table in the database, send the id over the >url and then retrieve from the database on the other side. > > >Sandra Clark >== >http://www.shayna.com >Training in Cascading Style Sheets and Accessibility >-Original Message- >From: cf coder [mailto:[EMAIL PROTECTED] >Sent: Friday, June 02, 2006 6:18 PM >To: CF-Talk >Subject: Session Variables lost when moving from http to https - Please >help! > >Hello Everybody, > >I need your help solving this problem. Any help will be much appreciated. I >am working on a a shopping cart page that stores the items ordered in a >request scope variable. The usual stuff i.e you add an item to a basket and >view your basket where you check the total price and postage options. > >The "proceed" button on this page sends the user to a secure site (https). >The problem I'm having is once I go from http to https, the session will >disappears and I get a Element is undefined in REQUEST error. I also get an >error when I try to dump the application and session scope variables. > >Can anybody tell me how to fix this problem? I have run out of ideas. > >Best regards, >cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242172 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
if your regular domain is http://normal.mydomain.com and your secure domain is http://secure.mydomain.com Then those are two different domains hence two different sessions. I personally have never had any luck with the setdomaincookies option in cfapplication, which I believe is supposed to allow you to bridge a gap like this. For me it always did weird things in certain browsers. You can eliminate the issue entirely by making your secure domain and your normal one the same, like so: http://www.mydomain.com https://www.mydomain.com Then there is no session loss issue since the domains are the same. You can fudge a fix by sending the key pair over in the url query string on the link that crosses from non secure to secure. You'll need to do the same thing on the way back when they cross back over to normal from secure. HtH, [EMAIL PROTECTED] Janitor, MSB Web Systems http://mysecretbase.com > Hello Everybody, > > I need your help solving this problem. Any help will be much > appreciated. I am working on a a shopping cart page that stores the > items ordered in a request scope variable. The usual stuff i.e you add > an item to a basket and view your basket where you check the total > price and postage options. > > The "proceed" button on this page sends the user to a secure site > (https). The problem I'm having is once I go from http to https, the > session will disappears and I get a Element is undefined in REQUEST > error. I also get an error when I try to dump the application and > session scope variables. > > Can anybody tell me how to fix this problem? I have run out of ideas. > > > Best regards, cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242171 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Variables lost when moving from http to https - Please help!
You go into a different session from http to https. Best solution is store the information in a temporary table in the database, send the id over the url and then retrieve from the database on the other side. Sandra Clark == http://www.shayna.com Training in Cascading Style Sheets and Accessibility -Original Message- From: cf coder [mailto:[EMAIL PROTECTED] Sent: Friday, June 02, 2006 6:18 PM To: CF-Talk Subject: Session Variables lost when moving from http to https - Please help! Hello Everybody, I need your help solving this problem. Any help will be much appreciated. I am working on a a shopping cart page that stores the items ordered in a request scope variable. The usual stuff i.e you add an item to a basket and view your basket where you check the total price and postage options. The "proceed" button on this page sends the user to a secure site (https). The problem I'm having is once I go from http to https, the session will disappears and I get a Element is undefined in REQUEST error. I also get an error when I try to dump the application and session scope variables. Can anybody tell me how to fix this problem? I have run out of ideas. Best regards, cfcoder ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242169 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Variables lost when moving from http to https - Please help!
cf coder wrote: > Hello Everybody, > > I need your help solving this problem. Any help will be much appreciated. I > am working on a a shopping cart page that stores the items ordered in a > request scope variable. The usual stuff i.e you add an item to a basket and > view your basket where you check the total price and postage options. > > The "proceed" button on this page sends the user to a secure site (https). > The problem I'm having is once I go from http to https, the session will > disappears and I get a Element is undefined in REQUEST error. I also get an > error when I try to dump the application and session scope variables. > > Can anybody tell me how to fix this problem? I have run out of ideas. > > Best regards, > cfcoder > > ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242167 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
