Re: Client Variables to Session Variables
you have two input fields (3rd and 4th) where name attribute is "name3" and the first 2 input fields need to have id tags > Hi All, > > I am trying to merge three textfield values (month,day and year for > DOB)into one and trying to store in a session. Javascript is a client > side variable and I am unable to store it to session variable . Can > anyone help me with this? > > See below is the code I am trying to do and I also used hidden fields > to display the date but it could not work. > >
Re: client variables log database is huge
Thanks to both of you for the information. John > > I suspect that there may be a problem with our ClientStorage_log > database as it's currently > > at 11.5 gigs and has to be cleared out once a month or so. I freed 4. > 5 gigs of space on this > > server by moving files off 2 days ago and within 24 hours that space > was filled again. Could > > this be a security hole that is allowing our clientStorage_log db to > get filled so quickly? I don't > > know the size of the clientStorage_log prior to moving the files off > the server but it's by far the > > largest recently modified file in the past 4 days. > > If you're using MS SQL Server to store Client variables, the recovery > model you've chosen for the database will control what happens when > the database is backed up by scheduled maintenance task. It sounds > like you've chosen full or bulk-logged, in which case you are > responsible for truncating the transaction log. If you choose the > simple recovery model, the transaction log should be truncated > automatically, if I recall correctly. > > You can also reduce the number of database writes by disabling the > option in CF to keep track of Client.Hitcount and Client.LastVisit. > If > you're not using those variables, you should disable that option. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315711 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: client variables log database is huge
Thanks to both of you for the information. John > > I suspect that there may be a problem with our ClientStorage_log > database as it's currently > > at 11.5 gigs and has to be cleared out once a month or so. I freed 4. > 5 gigs of space on this > > server by moving files off 2 days ago and within 24 hours that space > was filled again. Could > > this be a security hole that is allowing our clientStorage_log db to > get filled so quickly? I don't > > know the size of the clientStorage_log prior to moving the files off > the server but it's by far the > > largest recently modified file in the past 4 days. > > If you're using MS SQL Server to store Client variables, the recovery > model you've chosen for the database will control what happens when > the database is backed up by scheduled maintenance task. It sounds > like you've chosen full or bulk-logged, in which case you are > responsible for truncating the transaction log. If you choose the > simple recovery model, the transaction log should be truncated > automatically, if I recall correctly. > > You can also reduce the number of database writes by disabling the > option in CF to keep track of Client.Hitcount and Client.LastVisit. > If > you're not using those variables, you should disable that option. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315710 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: client variables log database is huge
> I suspect that there may be a problem with our ClientStorage_log database as > it's currently > at 11.5 gigs and has to be cleared out once a month or so. I freed 4.5 gigs > of space on this > server by moving files off 2 days ago and within 24 hours that space was > filled again. Could > this be a security hole that is allowing our clientStorage_log db to get > filled so quickly? I don't > know the size of the clientStorage_log prior to moving the files off the > server but it's by far the > largest recently modified file in the past 4 days. If you're using MS SQL Server to store Client variables, the recovery model you've chosen for the database will control what happens when the database is backed up by scheduled maintenance task. It sounds like you've chosen full or bulk-logged, in which case you are responsible for truncating the transaction log. If you choose the simple recovery model, the transaction log should be truncated automatically, if I recall correctly. You can also reduce the number of database writes by disabling the option in CF to keep track of Client.Hitcount and Client.LastVisit. If you're not using those variables, you should disable that option. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315706 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: client variables log database is huge
It sounds like you are referring to the transaction log portion of a database, and you can definitely expect the transaction log for Client variables database to grow very quickly because they are updated on every hit. Database transaction logs need to be checkpointed or cleared on backup or whatever, but they will grow and this one will grow like crazy. Your DBA needs to handle it. Thanks Mark -Original Message- From: John P [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2008 11:51 AM To: cf-talk Subject: client variables log database is huge I suspect that there may be a problem with our ClientStorage_log database as it's currently at 11.5 gigs and has to be cleared out once a month or so. I freed 4.5 gigs of space on this server by moving files off 2 days ago and within 24 hours that space was filled again. Could this be a security hole that is allowing our clientStorage_log db to get filled so quickly? I don't know the size of the clientStorage_log prior to moving the files off the server but it's by far the largest recently modified file in the past 4 days. Coldfusion MX7 server. Thanks ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315705 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
On 2/16/07, Jochem van Dieten <[EMAIL PROTECTED]> wrote: > should use the industry standard, peer reviewed, time tested design of > HTTP Digest Authentication. See RFC 2617 for details. Hey! Apache still marks that as "experimental"! =] ~| ColdFusion MX7 and Flex 2 Build sales & marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2 Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270032 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
Mike Kear said: > > Anyway, he says there's a security issue with using a token > throughout for a session, so each page view has to issue a new > token, and expire the last one. What he wants is called "replay protection". It is considered a solved problem. Instead of using the half-baked design of your client, you should use the industry standard, peer reviewed, time tested design of HTTP Digest Authentication. See RFC 2617 for details. And the good news: it is build in to most browsers and webservers and you can build a custom client variables solution on top of it. Jochem ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269985 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Client variables? reliable enough?
| From: Matt Robertson [mailto:[EMAIL PROTECTED] | By exposing the cfid and cftoken you are announcing to the world what | your session identifier is. In turn you are giving someone the | opportunity to more easily manipulate it. Sure someone can accept a | cookie, read the value off the hard drive and then have the same info | (I suppose you could make the read more difficult by not writing a | cookie to disk and only using a session cookie) but by passing it via | the url you are making the job as easy as possible for the attacker. Another possible security issue is if people e-mail a link from the URL bar to each other, that link will contain the cfid/cftoken then... It doesn't look very clean, and if someone clicks the link before the session has expired, then they are continuing someone elses session. I have a feeling that the client is meaning something else - like no username/password in the cookie or something. Having multiple users sharing the same IP has nothing to do with cookies btw. /Hugo ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269983 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
On 2/15/07, John Blayter <[EMAIL PROTECTED]> wrote: > My $0.02 is that you are going to > end up with something that is damn close to client variables. Seems that way. I consider it obsolete but maybe ont in this case: the first custom tag I wrote is SessionMonger. Done back in the bad old days when I was running CF 3.x on Interland (those bastages!) servers... that rebooted themselves about every three minutes, so CF sessions were worth dookie and I had to have something that survived even a cold reboot. It has expirrations and takes a halfway decent shot at making itself unique. Works without cookies. Don't laugh too hard. This was a long time ago when I first wrote it up: http://cfdj.sys-con.com/read/42032.htm And the tag at Adobe: http://tinyurl.com/2juvou The ancient page for the tag: http://mysecretbase.com/SessionMonger_Home.cfm I'd read that last one first. -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269978 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
Even if you pass around the session.urlToken around in the URL if you must use cookies if you want to use session replication. If you can't use cookies, client variables and you must have session replication you are left with rolling your own state management. My $0.02 is that you are going to end up with something that is damn close to client variables. On 2/15/07, Mike Kear <[EMAIL PROTECTED]> wrote: > > His issue about the new token each time is mainly prompted by the > issue of corporate users sharing the same IP.This is an app where > there may be many users in a building accessing the site, and each > will have his/her own permissions set. So he doesnt want one person > having higher access than they deserve by accident. They could grant > their management unit product they havent been approved for. > > So it kind of makes sense. > > This is a product where the unit values are very high and a large > organisation will buy lots of licenses, and one senior person in the > organisation will allow the various operational units to have > specified numbers of licenses and they'll be logging in to manage the > licenses they have a right to. > > So he's not being silly about it, I can see where his mind is on it. > Not quite sure how it's all going to work, that's the problem. > > > Cheers > Mike Kear > Windsor, NSW, Australia > Adobe Certified Advanced ColdFusion Developer > AFP Webworks > http://afpwebworks.com > ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month > > > On 2/16/07, Dinner <[EMAIL PROTECTED]> wrote: > > On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote: > > > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote: > > > > Lot of work for not much difference. Might as well set the session > > > > timeout really really low or something, right? > > > > > > If I were trying to find sanity in the desired approach, I'd first > > > have to accept the fact that you *cannot* have cookies. In an > > > environment where site customers are all corporate, and an entire > > > building's worth of buyers could all be sharing the same cookie thanks > > > to some fascist security scheme, the use of cookies can be > > > catastrophic. Been there. So I understand the requirement although I > > > pity to poor guy who has to comply with it. > > > > So we've got to keep it going from request to request, via form or url > > params-- doable, but needs strict "form" to accomplish well (and length > > may be an issue-- thus, the custom token). > > > > Or a smart "render-er", I guess. Pipe normal code thru, out comes > > tokened code? Hrm... pretty damn hard to make [well =]. > > > > > Given that, a short session timeout would not solve the problem. If I > > > was stuck passing url tokens of some kind, a continuously morphing one > > > sounds like a step up from a static one; at least on the surface. > > > > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269976 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
His issue about the new token each time is mainly prompted by the issue of corporate users sharing the same IP.This is an app where there may be many users in a building accessing the site, and each will have his/her own permissions set. So he doesnt want one person having higher access than they deserve by accident. They could grant their management unit product they havent been approved for. So it kind of makes sense. This is a product where the unit values are very high and a large organisation will buy lots of licenses, and one senior person in the organisation will allow the various operational units to have specified numbers of licenses and they'll be logging in to manage the licenses they have a right to. So he's not being silly about it, I can see where his mind is on it. Not quite sure how it's all going to work, that's the problem. Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On 2/16/07, Dinner <[EMAIL PROTECTED]> wrote: > On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote: > > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote: > > > Lot of work for not much difference. Might as well set the session > > > timeout really really low or something, right? > > > > If I were trying to find sanity in the desired approach, I'd first > > have to accept the fact that you *cannot* have cookies. In an > > environment where site customers are all corporate, and an entire > > building's worth of buyers could all be sharing the same cookie thanks > > to some fascist security scheme, the use of cookies can be > > catastrophic. Been there. So I understand the requirement although I > > pity to poor guy who has to comply with it. > > So we've got to keep it going from request to request, via form or url > params-- doable, but needs strict "form" to accomplish well (and length > may be an issue-- thus, the custom token). > > Or a smart "render-er", I guess. Pipe normal code thru, out comes > tokened code? Hrm... pretty damn hard to make [well =]. > > > Given that, a short session timeout would not solve the problem. If I > > was stuck passing url tokens of some kind, a continuously morphing one > > sounds like a step up from a static one; at least on the surface. > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269974 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote: > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote: > > Lot of work for not much difference. Might as well set the session > > timeout really really low or something, right? > > If I were trying to find sanity in the desired approach, I'd first > have to accept the fact that you *cannot* have cookies. In an > environment where site customers are all corporate, and an entire > building's worth of buyers could all be sharing the same cookie thanks > to some fascist security scheme, the use of cookies can be > catastrophic. Been there. So I understand the requirement although I > pity to poor guy who has to comply with it. So we've got to keep it going from request to request, via form or url params-- doable, but needs strict "form" to accomplish well (and length may be an issue-- thus, the custom token). Or a smart "render-er", I guess. Pipe normal code thru, out comes tokened code? Hrm... pretty damn hard to make [well =]. > Given that, a short session timeout would not solve the problem. If I > was stuck passing url tokens of some kind, a continuously morphing one > sounds like a step up from a static one; at least on the surface. Well, it would achieve the same thing as having a really low session time out-- perhaps not even that much, because the session would time out after a set time, vs. the "manual" session, that presumably just hangs out until the next token comes in (course, you could go that extra mile, and add timeouts, etc.. Might as well do it right, right! ;). The reason you keep it morphing is to prevent someone from stealing it from someplace where it's exposed (hopefully not google) and using it to "impersonate" the "real" session. A low session timeout would accomplish the same thing, sorta. > 'course, I haven't seen "the problem" since a health care industry job > I did like six years ago, so for all I know firewalls are a hell of a > lot smarter now and this client is living in the past and solving a > problem that doesn't exist anymore. Heh. That's a good point. Worthy of talking over w/ d client, fer sure. > Glad its not my job and all I have to do is idly speculate without > really thinking it thru :-) You know what they say about idle hands... ;-) ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269973 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote: > Lot of work for not much difference. Might as well set the session > timeout really really low or something, right? If I were trying to find sanity in the desired approach, I'd first have to accept the fact that you *cannot* have cookies. In an environment where site customers are all corporate, and an entire building's worth of buyers could all be sharing the same cookie thanks to some fascist security scheme, the use of cookies can be catastrophic. Been there. So I understand the requirement although I pity to poor guy who has to comply with it. Given that, a short session timeout would not solve the problem. If I was stuck passing url tokens of some kind, a continuously morphing one sounds like a step up from a static one; at least on the surface. 'course, I haven't seen "the problem" since a health care industry job I did like six years ago, so for all I know firewalls are a hell of a lot smarter now and this client is living in the past and solving a problem that doesn't exist anymore. Glad its not my job and all I have to do is idly speculate without really thinking it thru :-) -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269972 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote: > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote: > > In theory, it's exactly the same thing as using tokens. So you > > change it with every request-- you've still got to get the old token > > in! Lots of added complexity for the same end result. > > Not the same thing. Whatever hack is in progress would not be able to > count on a constant cfid and cftoken value after the initial read. I was more thinking "in process"-- all you need is one token, and then you submit it back before the "real" user does. Lot of work for not much difference. Might as well set the session timeout really really low or something, right? ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269971 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
On 2/15/07, Josh Nathanson <[EMAIL PROTECTED]> wrote: > Matt, can you explain exactly what the security issues are. By exposing the cfid and cftoken you are announcing to the world what your session identifier is. In turn you are giving someone the opportunity to more easily manipulate it. Sure someone can accept a cookie, read the value off the hard drive and then have the same info (I suppose you could make the read more difficult by not writing a cookie to disk and only using a session cookie) but by passing it via the url you are making the job as easy as possible for the attacker. Its only one thin layer on the onion, but I'd rather have that layer on along with every other one I can get my hands on. On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote: > In theory, it's exactly the same thing as using tokens. So you > change it with every request-- you've still got to get the old token > in! Lots of added complexity for the same end result. Not the same thing. Whatever hack is in progress would not be able to count on a constant cfid and cftoken value after the initial read. Since it keeps changing the hack would have to adapt to this. The job would be more difficult but its certainly not going to solve the problem of exposing the key pair and make the app bulletproof, by any stretch. -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269969 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote: > His solution is ... well ... mind-boggling. In theory it should work. In theory, it's exactly the same thing as using tokens. So you change it with every request-- you've still got to get the old token in! Lots of added complexity for the same end result. Why not use your own token (thus avoiding same IP/etc. combos) and use some stuff to make sure it's the same IP with each request, etc., so it'll be a little bit protected from session stealing? Something along those lines perhaps... ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269967 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
> He's right... if you take the step of saying no cookies allowed you > have to pass the token around from link to link, exposing it via the > url and that is a security issue. Matt, can you explain exactly what the security issues are. Are you talking about sniffing it over the network (would https help that)? Wouldn't you have to have admin access to the server anyway to do anything with that information, in which case security is compromised already? I don't know much about security so I'm curious - I don't see exactly how having the session id alone would compromise security. -- Josh ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269966 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
good lord that sounds positively insane. He's right... if you take the step of saying no cookies allowed you have to pass the token around from link to link, exposing it via the url and that is a security issue. Caused by the draconian no cookie requirement but its an issue alright. And if its a B2B he may have a higher likelihood of users who are behind firewalls and sharing a single cookie and IP. So he may not be as insane as all that. His solution is ... well ... mind-boggling. In theory it should work. But holy crap talk about making things as difficult as possible. Lets reinvent the wheel and further specify that the wheel cannot simply be round, but rather must travel forward by folding space. Kind of an interesting brain teaser though. -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269965 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
I've not quite got it figured out myself. But the cilent has a bit of experience with coldfusion, going back to CF1 and up to CF5.2. So he knows something of what he speaks, but his technical knowledge is dated. Anyway, he says there's a security issue with using a token throughout for a session, so each page view has to issue a new token, and expire the last one. SO i suppose that means in the applicatoin.cfc I have to add something like this (pseudo code) to the onrequeststart() method: gettoken() retrieve state from the database createUUID() set token to be the new UUID I'm not sure how to do it yet. I'm still trying to convince him to let me use client vars! Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On/16/07, Eric Haskins <[EMAIL PROTECTED]> wrote: > "And to add to the fun of it all, we have to have a > new session variable each page request." > > Can you explain this a bit?? What do you mean? > > > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269941 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client variables? reliable enough?
This is absolutley true. There is a DB performance hit with using client vars. But, if your site is not a high volume site or if you are on a shared server with limited Ram, client cariables may be beneficial. ~Ché -Original Message- From: Eric Haskins [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 2:27 PM To: CF-Talk Subject: Re: Client variables? reliable enough? Coming over from php I have always used Session Vars to start off. I have uncovered issues with the Client Vars here in my current position. If you do high volume and have a large customer base you can experience a performance hit with Client Var lookups. Eric ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269940 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
"And to add to the fun of it all, we have to have a new session variable each page request." Can you explain this a bit?? What do you mean? ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269937 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
Coming over from php I have always used Session Vars to start off. I have uncovered issues with the Client Vars here in my current position. If you do high volume and have a large customer base you can experience a performance hit with Client Var lookups. Eric ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269935 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
I have never had to use URLSessionformat() before but it sounds like it's going to be very helpful in this case. Oh and this is a business-to-business shopping cart app, so we do have to maintain state. And to add to the fun of it all, we have to have a new session variable each page request. The server is going to have a lot of grunt and relatively low traffic, so i'm not too worried about dipping into the database every page but it would be better without. And having to wddx structs isnt much of a problem because i dont pass them from page to page much any more. Instead i use beans, which are even harder to pass through client vars. In fact i'd say they're pretty well impossible and will probably need to be persisted to the database and rebuilt each page view. Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On 2/16/07, Matt Robertson <[EMAIL PROTECTED]> wrote: > if you're bidding on a job he has just added a nice fat increase to > your bid expense. You will have to pass the key pair around for > everything. All cflocations, form posts, url links. The works. And > exposing the key pair has security implications that imho cannot be > overcome. You basically create an attack surface that otherwise > doesn't exist. > > urlsessionformat() is going to be your friend, sadly. > > As for client vars, I echo what was said with respect to the fact that > it works fine if you design your app to use it from scratch, and > realize its limitations (i.e. no structs unless you want to use cfwddx > to plug them in, which is crazy overhead). > > Cvars are the right tool for SOME jobs but not all of them. Every hit > to your server will generate a hit to your database as the lvisit and > hitcount vars are updated, at minimum. Fine if you plan for it and > know what you're getting into, but session vars are probably a better > option. Since the advent of CF MX I have tried to stay away from > cvars if I can and stick to session vars. > > -- > [EMAIL PROTECTED] > Janitor, The Robertson Team > mysecretbase.com > > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269933 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
if you're bidding on a job he has just added a nice fat increase to your bid expense. You will have to pass the key pair around for everything. All cflocations, form posts, url links. The works. And exposing the key pair has security implications that imho cannot be overcome. You basically create an attack surface that otherwise doesn't exist. urlsessionformat() is going to be your friend, sadly. As for client vars, I echo what was said with respect to the fact that it works fine if you design your app to use it from scratch, and realize its limitations (i.e. no structs unless you want to use cfwddx to plug them in, which is crazy overhead). Cvars are the right tool for SOME jobs but not all of them. Every hit to your server will generate a hit to your database as the lvisit and hitcount vars are updated, at minimum. Fine if you plan for it and know what you're getting into, but session vars are probably a better option. Since the advent of CF MX I have tried to stay away from cvars if I can and stick to session vars. -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269928 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client variables? reliable enough?
With no cookies then you'd never have a way of knowing if you have a returning user. Is he okay with that? Is he willing to sacrifice the convenience of his users for this insistence? Andy matthews -Original Message- From: Che Vilnonis [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 12:52 PM To: CF-Talk Subject: RE: Client variables? reliable enough? AFAIK, with NO cookies, you would need to pass the CFID and CFTOKEN in the URL for each request. -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 1:46 PM To: CF-Talk Subject: Re: Client variables? reliable enough? Still negotiating with my client about Clientvars. He's finally said this - what do you make of it [quote] I don't care too much about client vars and how they are implemented as long as there are NO COOKIES used. But be warned, if we have issues with the site in production, they will need to be fixed at your cost. [/quote] Well i dont have a problem with standing behind my own work . i'd expect to have to fix anythign that didnt work properly anyway. But what do you make of the insistence that there can't be any cookies? How do you maintain state, with NO cookies at all? surely as a minimum you have to have a session cookie, dont you? How else do you keep track of sessions? Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote: > i'm using client variables stored in cookies across two load balanced > boxes with dual cf instancesyet to see a problem - running like > this for 2 years! I don't see what the fuss is all about > > john. > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269927 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
You will have to pass them in the url, so every link would need to have CFID and CFTOKEN appended to it. It's a pain but it can be done. If your client wants to have no cookies set at all, even if the user accepts them, don't use URLSessionFormat: this will place a cookie if the user accepts them, or append the CFID/CFTOKEN/jsessionid if they don't. Too bad cookies got such a bad rap. The public at large is terrified of them. I'm sure your client probably has no idea what they are or how they work, and how helpful they can be for developers. -- Josh - Original Message - From: "Mike Kear" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Thursday, February 15, 2007 10:46 AM Subject: Re: Client variables? reliable enough? > Still negotiating with my client about Clientvars. He's finally said > this - what do you make of it > > [quote] > I don't care too much about client vars and how they are implemented > as long as there are NO COOKIES used. But be warned, if we have issues > with the site in production, they will need to be fixed at your cost. > [/quote] > > > Well i dont have a problem with standing behind my own work . i'd > expect to have to fix anythign that didnt work properly anyway. But > what do you make of the insistence that there can't be any cookies? > > How do you maintain state, with NO cookies at all? surely as a > minimum you have to have a session cookie, dont you? How else do you > keep track of sessions? > > Cheers > Mike Kear > Windsor, NSW, Australia > Adobe Certified Advanced ColdFusion Developer > AFP Webworks > http://afpwebworks.com > ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month > > > On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote: >> i'm using client variables stored in cookies across two load balanced >> boxes with dual cf instancesyet to see a problem - running like >> this for 2 years! I don't see what the fuss is all about >> >> john. >> > > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269926 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client variables? reliable enough?
AFAIK, with NO cookies, you would need to pass the CFID and CFTOKEN in the URL for each request. -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 1:46 PM To: CF-Talk Subject: Re: Client variables? reliable enough? Still negotiating with my client about Clientvars. He's finally said this - what do you make of it [quote] I don't care too much about client vars and how they are implemented as long as there are NO COOKIES used. But be warned, if we have issues with the site in production, they will need to be fixed at your cost. [/quote] Well i dont have a problem with standing behind my own work . i'd expect to have to fix anythign that didnt work properly anyway. But what do you make of the insistence that there can't be any cookies? How do you maintain state, with NO cookies at all? surely as a minimum you have to have a session cookie, dont you? How else do you keep track of sessions? Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote: > i'm using client variables stored in cookies across two load balanced > boxes with dual cf instancesyet to see a problem - running like > this for 2 years! I don't see what the fuss is all about > > john. > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269924 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
Still negotiating with my client about Clientvars. He's finally said this - what do you make of it [quote] I don't care too much about client vars and how they are implemented as long as there are NO COOKIES used. But be warned, if we have issues with the site in production, they will need to be fixed at your cost. [/quote] Well i dont have a problem with standing behind my own work . i'd expect to have to fix anythign that didnt work properly anyway. But what do you make of the insistence that there can't be any cookies? How do you maintain state, with NO cookies at all? surely as a minimum you have to have a session cookie, dont you? How else do you keep track of sessions? Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote: > i'm using client variables stored in cookies across two load balanced > boxes with dual cf instancesyet to see a problem - running like > this for 2 years! I don't see what the fuss is all about > > john. > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269921 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables? reliable enough?
i'm using client variables stored in cookies across two load balanced boxes with dual cf instancesyet to see a problem - running like this for 2 years! I don't see what the fuss is all about john. On 2/8/07, Mike Kear <[EMAIL PROTECTED]> wrote: > Neil, can you be a bit more specific please?What sort of issues do you > get with client vars? ( have to make a fundamentail architecture decision > in the next few days - whether or not to use client vars). I need to know > if the issues you had also apply in my situation. > > > Cheers > Mike Kear > Windsor, NSW, Australia > Adobe Certified Advanced ColdFusion Developer > AFP Webworks > http://afpwebworks.com > ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month > > > On 2/6/07, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]> > wrote: > > > > << > if you > > store them in a DB, I would avoid them if you had the choice. > > > > As for no sticky sessions, that only leaves you session replication with > > ColdFusion under J2EE. > > > > > > > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269122 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
Neil, can you be a bit more specific please?What sort of issues do you get with client vars? ( have to make a fundamentail architecture decision in the next few days - whether or not to use client vars). I need to know if the issues you had also apply in my situation. Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On 2/6/07, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]> wrote: > > << if you > store them in a DB, I would avoid them if you had the choice. > > As for no sticky sessions, that only leaves you session replication with > ColdFusion under J2EE. > > ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269104 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client variables? reliable enough?
> > What do you make of what the client said? Does it have any merit in > > current versions? Can anyone attest to reliability (or > > otherwise) of > > client vars in CF7? (I should also add there is no chance > > we're going to > > use the registry to store client vars - it's going to be in > > the database if we use them) > > > > My experience has always been bad, they are pretty clunky. > Even worse if you store them in a DB, I would avoid them if > you had the choice. > > As for no sticky sessions, that only leaves you session > replication with ColdFusion under J2EE. > I haven't used client vars in quite some time... No need. But when I did it was with a 4 server CF5 NLB array with an active/passive SQL2000 cluster. The CF machines had a separate SQL instance dedicated to client storage and to be honest, the only problem we had was dealing with the extra bandwidth that the back end needed when we got into the realms of 3000 simultaneous users... In the end, it wasn't the client var traffic that was causing the problem. We solved the bandwidth issue by moving the source code onto the web servers instead of them using the filestore server and used robocopy to keep them in sync... Nowadays I'd use SVN to deploy :) Once we had solved the bandwidth problems, everything was fine. We never had any issues at all with client storage but I will say this... We designed the app from the very beginning to use client storage. We didn't port the code from session etc. I think when you do the latter, you are asking for trouble... As long as you plan well and understand the limits of the client var scope then you should be fine. As an aside, watching SQL profiler do it's thing on a live database with 3000 users on the site is a great way to scare yourself! The speed of the transactions going through is something else! Paul ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:268780 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Client variables? reliable enough?
My experience has always been bad, they are pretty clunky. Even worse if you store them in a DB, I would avoid them if you had the choice. As for no sticky sessions, that only leaves you session replication with ColdFusion under J2EE. "This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -Original Message- From: Mike Kear To: CF-Talk Sent: Tue Feb 06 06:50:37 2007 Subject: Client variables? reliable enough? I sat in a client briefing yesterday, and he said something that made me sit up and take notice,could he be right? I havent used Client variables since CF5, so I dont know if they are good now or not, but i didnt have a problem back in the CF5 days but here's what my client said (he has a lot of experience with CF going back to CF1, but he hasnt done much CF coding since CF5.1) He said, "dont use client variables, because they seem ok but in practice they always cause problems.I want you to write your own state maintenance stuff. I don't want you to use sticky sessions either because if a server goes down the other machine doesnt know the state." The environment is going to be two or three servers running CF7 enterprise, not sure if we're going Linux or Windows yet. What do you make of what the client said? Does it have any merit in current versions? Can anyone attest to reliability (or otherwise) of client vars in CF7? (I should also add there is no chance we're going to use the registry to store client vars - it's going to be in the database if we use them) -- Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:268778 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables in MySQL
On Friday 07 April 2006 23:58, Jim McAtee wrote: > But does CF5 utilize transactions (if available) for client variable > storage? Hope so. -- Tom Chiverton Advanced ColdFusion Programmer ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237326 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client Variables in MySQL
Jim McAtee wrote: > - Original Message - > From: "Jochem van Dieten" <[EMAIL PROTECTED]> > To: "CF-Talk" > Sent: Saturday, April 08, 2006 2:13 AM > Subject: Re: Client Variables in MySQL > > >> Jim McAtee wrote: >>> Are there any good reasons to use InnoDB for CF client varible storage >>> in >>> MySQL, or are MyISAM tables sufficient? >> Yes: >> http://dev.mysql.com/doc/refman/4.1/en/internal-locking.html?ff=nopfpls > > > Yes, what? A or B? Locking can be a good reason to use InnoDB. MyISAM always locks the entire table, InnoDB locks individual rows. Jochem ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237250 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client Variables in MySQL
- Original Message - From: "Jochem van Dieten" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Saturday, April 08, 2006 2:13 AM Subject: Re: Client Variables in MySQL > Jim McAtee wrote: >> Are there any good reasons to use InnoDB for CF client varible storage >> in >> MySQL, or are MyISAM tables sufficient? > > Yes: > http://dev.mysql.com/doc/refman/4.1/en/internal-locking.html?ff=nopfpls Yes, what? A or B? ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237241 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client Variables in MySQL
Jim McAtee wrote: > Are there any good reasons to use InnoDB for CF client varible storage in > MySQL, or are MyISAM tables sufficient? Yes: http://dev.mysql.com/doc/refman/4.1/en/internal-locking.html?ff=nopfpls Jochem ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237224 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client Variables in MySQL
But does CF5 utilize transactions (if available) for client variable storage? - Original Message - From: "Munson, Jacob" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Friday, April 07, 2006 4:36 PM Subject: RE: Client Variables in MySQL > It's been a while, but I'm pretty sure that innoDB gives you > transactions, if you need those. > >> -Original Message- >> From: Jim McAtee [mailto:[EMAIL PROTECTED] >> Sent: Friday, April 07, 2006 4:23 PM >> >> Are there any good reasons to use InnoDB for CF client >> varible storage in >> MySQL, or are MyISAM tables sufficient? Running CF5. ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237213 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Client Variables in MySQL
It's been a while, but I'm pretty sure that innoDB gives you transactions, if you need those. > -Original Message- > From: Jim McAtee [mailto:[EMAIL PROTECTED] > Sent: Friday, April 07, 2006 4:23 PM > > Are there any good reasons to use InnoDB for CF client > varible storage in > MySQL, or are MyISAM tables sufficient? Running CF5. [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A2 ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237212 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client variables
http://depressedpress.com/Content/Development/ColdFusion/Guides/Variables/Index.cfm On 10/8/05, Saturday (Stuart Kidd) <[EMAIL PROTECTED]> wrote: > Hi guys, > > I have a competition on my site. When a user enters the competition > I set a client variable: > > > > > I tested the competition a few days ago and now when i come to look > at it I can see that the Client variable > client.competitionEntry#url.ID# must still be equalling 1 as this > line is in effect: > > > ('client.competitionEntry#url.ID#')> > > Show competition form here. > > > > > You have entered this competition. > > I automatically thought that client variables would end once the > browser has been closed? I have had my Mac switched off overnight, > how could this be? > > Anyone who can shed some light on this I'd be very grateful. > > Thanks, > > Saturday > > > ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220479 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Client variables
Have a look at this, this will clear some of this up for you. http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915 Basically you need to set per-session cookies. Taco Fleur - CEO Pacific Fox http://www.pacificfox.com.au an industry leader with commercial IT experience since 1994 . ** Web Design and Development ** SMS Solutions, including developer API ** Domain Registration, .com for as low as AUSD$15 a year ** Seamless Merchant integration ** We endorse PayPal, accept payments online now! > -Original Message- > From: Saturday (Stuart Kidd) [mailto:[EMAIL PROTECTED] > Sent: Saturday, 8 October 2005 6:36 PM > To: CF-Talk > Subject: Client variables > > > Hi guys, > > I have a competition on my site. When a user enters the competition > I set a client variable: > > > > I tested the competition a few days ago and now when i come to look > at it I can see that the Client variable > client.competitionEntry#url.ID# must still be equalling 1 as this > line is in effect: > > > ('client.competitionEntry#url.ID#')> > > Show competition form here. > > > > > You have entered this competition. > > I automatically thought that client variables would end once the > browser has been closed? I have had my Mac switched off overnight, > how could this be? > > Anyone who can shed some light on this I'd be very grateful. > > Thanks, > > Saturday > > > ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220478 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: client variables and subdomains
Note in my first post I said "...You are ***supposed*** to be able to fix this by adding ..." I'm afraid my experience mirrors yours. However, did you try deleting the cookies your test system had already set to see if a fresh start solved the issue? That may be what it takes to get this accomplished... but then again if you are trying to refit an app you'll have zillions of existing users for whom you will also have refit -- manually with a cookie deletion. Do-able but pesky. You are using client variables as they are actually meant to be used -- truly long-term persistent storage. I use them in place of session vars because I am stuck with CF5 clustering support, expire them within minutes and not weeks etc. Given the traffic levels you referenced elsewhere, you must have an enormous cvar database -- as in lots of records -- if as you say you are storing those records for months. IIRC, if CF creates the cvar db's itself they aren't indexed so well. Have you thought to look into this and maybe make an adjustment there? I'm going off of hazy recollection here so I may be wrong, but its worth looking into. What is your db platform, anyway? Is it on the same server? -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:206013 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: client variables and subdomains
Hey Matt, Hmm, setdomaincookies=YES doesn't seem to help either. Server still creating different instances for www.domain.com and .domain.com. My use of client variables is actually pretty minor -- I just use a couple to store an integer key to a user table, and an encrypted password. When a user returns to the site, I use those two client.vars to setup session info, tailor output, etc. I suppose I could just use CFCOOKIEs for this and have greater control over how the cookies are set. Re: session variables and CFMX. As I understand them, session variables in CFMX persist only as long as the browser is open, so wouldn't they be ill suited for the use outlined above, that of identifying returning visitors who may have been away for months? I'll check out the link you provided. Thanks, Terry >it is the default behavior. You are supposed to be able to fix this >by adding "setdomaincookies="yes" in /Application.cfm. > >This is one of the server side code gotchas I was alluding to in your >other thread. I have to rely on client vars for practically >*everything* insofar as state info and I just friggin' hate the grief >that goes with client vars in cookies. If you've got MX you can use >session vars and save yourself a TON of grief. > >Have you checked out the CFMX Coding Standards? This page seems pertinent: > >http://livedocs.macromedia.com/wtg/public/coding_standards/structure.html > >-- >--mattRobertson-- >Janitor, MSB Web Systems >mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205999 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: client variables and subdomains
it is the default behavior. You are supposed to be able to fix this by adding "setdomaincookies="yes" in /Application.cfm. This is one of the server side code gotchas I was alluding to in your other thread. I have to rely on client vars for practically *everything* insofar as state info and I just friggin' hate the grief that goes with client vars in cookies. If you've got MX you can use session vars and save yourself a TON of grief. Have you checked out the CFMX Coding Standards? This page seems pertinent: http://livedocs.macromedia.com/wtg/public/coding_standards/structure.html -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205997 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Client variables, registry vs. database
Well, an alternate solution is to use cookies for storage (registry is bad). You'd have to be careful what you put in there for security reasons, as well as space reasons. I'd suggest limiting as much as possible putting anything into the client scope, and if at all possible, stop using it altogether. You can use cookies directly for identifiers and then use actual database tables to store user information that needs to persist beyond a session. Otherwise you can use sessions to store shorter term needs. - Calvin -Original Message- From: Chad Nikirk [mailto:[EMAIL PROTECTED] Sent: Thursday, February 03, 2005 12:09 PM To: CF-Talk Subject: Client variables, registry vs. database Hi, I have been using cfmx 6.1 for quite a while and have the client variable storage set to database. I have a very nice beefy sql server that houses the coldfusion database. Our site runs ok, but after running sql profiler, I could tell that the database access times are kind of slow. Just for a test I switched over to registry and everything is much, much faster. I do not want to leave my settings on registry. Is it normal to see such a drastic difference in speed between registry and database? The coldfusion database has the appropiate indexes and is not under any other substantial load. Thoughts? Thanks. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192946 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client variables, registry vs. database
On Thu, 03 Feb 2005 13:08:41 -0400, Chad Nikirk <[EMAIL PROTECTED]> wrote: > I have been using cfmx 6.1 for quite a while and have the client variable > storage set to database. I have a very nice beefy sql server that houses the > coldfusion database. What are you actually using client variables for? There are a number of pitfalls with them (performance being one, as you've discovered). See also this Tech Note: http://www.macromedia.com/go/2c12f978 > Is it normal to see such a drastic difference in speed between registry and > database? Depending on what you're doing with your client variables, yes, quite possibly. If your application relies that heavily on client variables tho', putting them in the registry is going to cause you a world of hurt as the registry grows etc. "Client variables - just say no!" -- Sean A Corfield -- http://www.corfield.org/ Team Fusebox -- http://www.fusebox.org/ Breeze Me! -- http://www.corfield.org/breezeme Got Gmail? -- I have 50, yes 50, invites to give away! "If you're not annoying somebody, you're not really alive." -- Margaret Atwood ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192931 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Client variables, registry vs. database
Registry is obviously going to be faster as the OS can access those values quicker than they can ask a database for those values. However, using the registry is not recommended as the bigger your registry gets, the slower your server will get. -Adam On Thu, 03 Feb 2005 13:08:41 -0400, Chad Nikirk <[EMAIL PROTECTED]> wrote: > Hi, > > I have been using cfmx 6.1 for quite a while and have the client variable > storage set to database. I have a very nice beefy sql server that houses the > coldfusion database. > > Our site runs ok, but after running sql profiler, I could tell that the > database access times are kind of slow. Just for a test I switched over to > registry and everything is much, much faster. I do not want to leave my > settings on registry. > > Is it normal to see such a drastic difference in speed between registry and > database? The coldfusion database has the appropiate indexes and is not > under any other substantial load. Thoughts? Thanks. > > ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192923 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: client variables question
> if I want to use an existing client variables database, and I > don't want cfmx to try and create the tables...how can I force > that? Simply leave the "create tables" option unchecked within CF Administrator when setting up your client repository. > or maybe the question is...how portable are client var > databases? it seems like cfmx wants to create the tables, > and if it cant, your screwed? No, you can create them manually, or not create them at all if they're already there. This is actually something commonly done. For example, if you have a cluster of servers using the same client variable repository, you'd only create the tables for the first server, then set up each other server to use the same client variable repository without recreating the tables. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: client variables question
On Sun, 2004-04-25 at 12:23, Tony Weeg wrote: > hi there. > > if I want to use an existing client variables database, and I don't want > cfmx to try and create the tables...how can I force that? There is a check box when setting up the client variables that says something like "create tables". I think if you don't see that check box it means cfmx doesn't know the proper commands to create the tables for you. > or maybe the question is...how portable are client var databases? it > seems like > cfmx wants to create the tables, and if it cant, your screwed? If it can't create the tables, you can make them yourself - hit help on the client var setup page and it'll tell you the table names to use and what types/column names to make in the tables. -- Rob <[EMAIL PROTECTED]> [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Client Variables and Uniqueness in a Load-Balanced Server Environment
Dave Carabetta wrote: > > I would definitely check the "Use UUID" option the in the Admin. When we > were using the numeric CFTOKEN value, we ran in to all sorts of problems in > our load balanaced environment with duplicate values and "stealing" other > people's sessions. The alogorithm for generating the UUID uses the system > clock time down to the millisecond (among other things), so for all intents > and purposes, it's realistically impossible to have duplicate values. The year 3400 is for UUIDs what the year 2000 is for 2 digit years and the year 2037 for Unix dates: they roll over. So you really should document somewhere that your application needs to be revised by about the year 3300. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables and Uniqueness in a Load-Balanced Server Environment
>(Not sure if this went through yesterday in the midst of virus-related >stuff, so forgive me if this is a double-post). > >I should know the answer to this, but I want to make sure that I'm thinking >this through correctly. > >I have websites running on load balanced web servers (one group running >CFMX, one group running CF4.5 (which won't be around much longer - it's >being migrated to MX)). I want to move the client variables to a >datasource instead of the registry so that we can actually start using them >if we want to. > Smart move. Keeping them in the registry will kill you down the road. >I assume that all web/CF servers should be pointing to the same db for >their client variable storage (my plan was to point all MX servers to one >db and all 4.5 servers to a second db). This is correct, yes? > >If this does happen, is there a risk that two servers will generate the >same CFID and CFTOKEN values for two separate users? Should I therefore be >checking the "Use UUID for cftoken" setting in the "Settings" section in >the CF admin (on the MX servers)? I found the following technote >(http://www.macromedia.com/support/coldfusion/ts/documents/tn18133.htm), >which I assume takes care of this problem for 4.5 servers. > I would definitely check the "Use UUID" option the in the Admin. When we were using the numeric CFTOKEN value, we ran in to all sorts of problems in our load balanaced environment with duplicate values and "stealing" other people's sessions. The alogorithm for generating the UUID uses the system clock time down to the millisecond (among other things), so for all intents and purposes, it's realistically impossible to have duplicate values. However, there is one caveat to keep in mind. When you check this option, new values won't be set for clients with existing cookies with the CFID/CFTOKEN value. Checking this option (and I believe you also have to restart the CF service) only applies to *new* cookies being set on the client. So if you want to migrate your client's over to the UUID cftoken, you will have to write a small script to update their values (which isn't hard, but I've never been a fan of manually messing with the cfid/cftoken values). Regards, Dave. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
Actually Mike, that appears to be working so maybe that's right! :-) -Original Message- From: Mike Townend [mailto:[EMAIL PROTECTED] Sent: 21 January 2004 14:27 To: CF-Talk Subject: RE: Client Variables If you dont want to use sessions then you could use the timestamping thats included in client variables Client.LastVisit Client.TimeCreated And then in Application.cfm if Client.LastVisit is greater than say Now() - 10 minutes then run some code to log them out. HTH -Original Message- From: Stuart Kidd [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 14:22 To: CF-Talk Subject: Client Variables Hi guys, I've just switched from the mailing list to this one as i'm no longer in Australia but in the UK. Is this the UK mailing list? Anyhow, i've got an app in which i'm using Client variables. The only thing i'm not happy with is that they don't time out. Is there a way to make them timeout say like after 20 mins of no activity (and/or when the browser is closed)? Or do i have to turn to Sessions? Any help would be gratefully appreciated. Thanks, Saturday _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
Thanks for that Andrew I'll see if I can give that a bash. Cheers, -Original Message- From: Andrew Scott [mailto:[EMAIL PROTECTED] Sent: 21 January 2004 23:32 To: CF-Talk Subject: RE: Client Variables Stuart, You did get a basic answer but I will pipe in anyway... Client variables are the same as session and application, they are based on the cfid & cftoken. I use client variables for login and logout for my members. The easiest thing to deal with is to expire the cfid & cftoken cookies, this will also allow for the client variable to become non existent if the browser is closed as well. Now when you look at your cfide/adminstrator settings client variables can be used to have a lastvisit but please bare in mind that will not be the best way to retire someone who needs to be retired. The reason behind this is that cf can change depending on your admin settings, before your code actually runs. What I do is create another variable in the client scope to deal with this, and only reset this if the verification is ok. Regards Andrew Scott Technical Consultant NuSphere Pty Ltd Level 2/33 Bank Street South Melbourne, Victoria, 3205 Phone: 03 9686 0485 - Fax: 03 9699 7976 _ From: Stuart Kidd [mailto:[EMAIL PROTECTED] Sent: Thursday, 22 January 2004 1:35 AM To: CF-Talk Subject: RE: Client Variables of Thanks Mike and Simon, between the two of you i have both my questions answered. :) -- Original Message -- From: "Simon Horwith" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 21 Jan 2004 14:27:37 - >The big list in the UK (also used by many other EU nationals) can be found >at http://lists.cfdeveloper.co.uk >You can also find out about the London CF Community at >http://www.ukcfug.org - the London CFUG site. > >In answer to your question, you use the deleteClientVariable() function to >manually delete a client variable. You can also purge them from the source >in which they're stored (DB, Reg., or Cookie). > >~Simon > >Simon Horwith >CTO, Etrilogy Ltd. >Member of Team Macromedia >Macromedia Certified Instructor >Certified Advanced ColdFusion MX Developer >Certified Flash MX Developer >CFDJList - List Administrator >http://www.how2cf.com/ > > -Original Message- > From: Stuart Kidd [mailto:[EMAIL PROTECTED] > Sent: 21 January 2004 14:22 > To: CF-Talk > Subject: Client Variables > > > Hi guys, > > I've just switched from the mailing list to this one as i'm no >longer in Australia but in the UK. Is this the UK mailing list? > > Anyhow, i've got an app in which i'm using Client variables. The only >thing i'm not happy with is that they don't time out. Is there a way to >make them timeout say like after 20 mins of no activity (and/or when the >browser is closed)? > > Or do i have to turn to Sessions? > > Any help would be gratefully appreciated. > > Thanks, > > Saturday > > _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
Stuart, You did get a basic answer but I will pipe in anyway... Client variables are the same as session and application, they are based on the cfid & cftoken. I use client variables for login and logout for my members. The easiest thing to deal with is to expire the cfid & cftoken cookies, this will also allow for the client variable to become non existent if the browser is closed as well. Now when you look at your cfide/adminstrator settings client variables can be used to have a lastvisit but please bare in mind that will not be the best way to retire someone who needs to be retired. The reason behind this is that cf can change depending on your admin settings, before your code actually runs. What I do is create another variable in the client scope to deal with this, and only reset this if the verification is ok. Regards Andrew Scott Technical Consultant NuSphere Pty Ltd Level 2/33 Bank Street South Melbourne, Victoria, 3205 Phone: 03 9686 0485 - Fax: 03 9699 7976 _ From: Stuart Kidd [mailto:[EMAIL PROTECTED] Sent: Thursday, 22 January 2004 1:35 AM To: CF-Talk Subject: RE: Client Variables of Thanks Mike and Simon, between the two of you i have both my questions answered. :) -- Original Message -- From: "Simon Horwith" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 21 Jan 2004 14:27:37 - >The big list in the UK (also used by many other EU nationals) can be found >at http://lists.cfdeveloper.co.uk >You can also find out about the London CF Community at >http://www.ukcfug.org - the London CFUG site. > >In answer to your question, you use the deleteClientVariable() function to >manually delete a client variable. You can also purge them from the source >in which they're stored (DB, Reg., or Cookie). > >~Simon > >Simon Horwith >CTO, Etrilogy Ltd. >Member of Team Macromedia >Macromedia Certified Instructor >Certified Advanced ColdFusion MX Developer >Certified Flash MX Developer >CFDJList - List Administrator >http://www.how2cf.com/ > > -Original Message- > From: Stuart Kidd [mailto:[EMAIL PROTECTED] > Sent: 21 January 2004 14:22 > To: CF-Talk > Subject: Client Variables > > > Hi guys, > > I've just switched from the mailing list to this one as i'm no >longer in Australia but in the UK. Is this the UK mailing list? > > Anyhow, i've got an app in which i'm using Client variables. The only >thing i'm not happy with is that they don't time out. Is there a way to >make them timeout say like after 20 mins of no activity (and/or when the >browser is closed)? > > Or do i have to turn to Sessions? > > Any help would be gratefully appreciated. > > Thanks, > > Saturday > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
> Anyhow, i've got an app in which i'm using Client variables. > The only thing i'm not happy with is that they don't time > out. Is there a way to make them timeout say like after 20 > mins of no activity (and/or when the browser is closed)? > > Or do i have to turn to Sessions? You can control the cookies used to associate a browser with a set of Client variables; you can make the cookies into session cookies, which will be destroyed when the browser is closed. You can probably make them short-lived in addition, although it's not usually as important to have Client variables time out as it is for Session variables since they aren't stored in memory. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
of Thanks Mike and Simon, between the two of you i have both my questions answered. :) -- Original Message -- From: "Simon Horwith" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 21 Jan 2004 14:27:37 - >The big list in the UK (also used by many other EU nationals) can be found >at http://lists.cfdeveloper.co.uk >You can also find out about the London CF Community at >http://www.ukcfug.org - the London CFUG site. > >In answer to your question, you use the deleteClientVariable() function to >manually delete a client variable. You can also purge them from the source >in which they're stored (DB, Reg., or Cookie). > >~Simon > >Simon Horwith >CTO, Etrilogy Ltd. >Member of Team Macromedia >Macromedia Certified Instructor >Certified Advanced ColdFusion MX Developer >Certified Flash MX Developer >CFDJList - List Administrator >http://www.how2cf.com/ > > -Original Message- > From: Stuart Kidd [mailto:[EMAIL PROTECTED] > Sent: 21 January 2004 14:22 > To: CF-Talk > Subject: Client Variables > > > Hi guys, > > I've just switched from the mailing list to this one as i'm no >longer in Australia but in the UK. Is this the UK mailing list? > > Anyhow, i've got an app in which i'm using Client variables. The only >thing i'm not happy with is that they don't time out. Is there a way to >make them timeout say like after 20 mins of no activity (and/or when the >browser is closed)? > > Or do i have to turn to Sessions? > > Any help would be gratefully appreciated. > > Thanks, > > Saturday > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
The big list in the UK (also used by many other EU nationals) can be found at http://lists.cfdeveloper.co.uk You can also find out about the London CF Community at http://www.ukcfug.org - the London CFUG site. In answer to your question, you use the deleteClientVariable() function to manually delete a client variable. You can also purge them from the source in which they're stored (DB, Reg., or Cookie). ~Simon Simon Horwith CTO, Etrilogy Ltd. Member of Team Macromedia Macromedia Certified Instructor Certified Advanced ColdFusion MX Developer Certified Flash MX Developer CFDJList - List Administrator http://www.how2cf.com/ -Original Message- From: Stuart Kidd [mailto:[EMAIL PROTECTED] Sent: 21 January 2004 14:22 To: CF-Talk Subject: Client Variables Hi guys, I've just switched from the mailing list to this one as i'm no longer in Australia but in the UK. Is this the UK mailing list? Anyhow, i've got an app in which i'm using Client variables. The only thing i'm not happy with is that they don't time out. Is there a way to make them timeout say like after 20 mins of no activity (and/or when the browser is closed)? Or do i have to turn to Sessions? Any help would be gratefully appreciated. Thanks, Saturday [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Client Variables
If you dont want to use sessions then you could use the timestamping thats included in client variables Client.LastVisit Client.TimeCreated And then in Application.cfm if Client.LastVisit is greater than say Now() - 10 minutes then run some code to log them out. HTH -Original Message- From: Stuart Kidd [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 14:22 To: CF-Talk Subject: Client Variables Hi guys, I've just switched from the mailing list to this one as i'm no longer in Australia but in the UK. Is this the UK mailing list? Anyhow, i've got an app in which i'm using Client variables. The only thing i'm not happy with is that they don't time out. Is there a way to make them timeout say like after 20 mins of no activity (and/or when the browser is closed)? Or do i have to turn to Sessions? Any help would be gratefully appreciated. Thanks, Saturday _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: client variables ??
CDATA and CGLOBAL tables are created when you're in the ColdFusion Administrator and specify that you want to use a database to store client/session variables. Take a look in the ColdFusion Administrator for more information/control on which database you want those tables in. -Novak - Original Message - From: "Tim Laureska" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, August 13, 2003 8:47 PM Subject: client variables ?? > How does CF know which table within a DB to store client variables in? > Does CF create the table? > > In one attempt at this I found two tables called CDATA and CGLOBAL that > I had not created in the database... were these automatically created by > CF? > > I deleted these two tables just to see what would happen... but when I > accessed the application again, the tables did not come back ?? > > Here's an excert from the application.cfm > > clientmanagement="yes" > clientstorage="jobs_available" > SessionManagement="yes" > SessionTimeout=#CreateTimeSpan(0,0,0,30)# > ApplicationTimeout=#CreateTimeSpan(30,0,0,0)#> > > > Stumbling & fumbling thru seesion/client variables I go > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: client variables ??
In the cfadministrator, under the client variable settings, you can select an option to create these tables automatically. Brook At 11:47 PM 8/13/2003 -0400, you wrote: >How does CF know which table within a DB to store client variables in? >Does CF create the table? > >In one attempt at this I found two tables called CDATA and CGLOBAL that >I had not created in the database... were these automatically created by >CF? > >I deleted these two tables just to see what would happen... but when I >accessed the application again, the tables did not come back ?? > >Here's an excert from the application.cfm > >clientmanagement="yes" >clientstorage="jobs_available" >SessionManagement="yes" >SessionTimeout=#CreateTimeSpan(0,0,0,30)# >ApplicationTimeout=#CreateTimeSpan(30,0,0,0)#> > > >Stumbling & fumbling thru seesion/client variables I go > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: client variables problem on MX
>I think I have the same problem with client vars. But in my case one out of >every ~5000 users gets an error. > >"null null >The error occurred on line 4." > >Line 4 is the . > >Does this sound like the same problem? > >I have been trying to track this problem down. > >I saw something a few months ago in the MM forums. I have not hade time to >go back and check it out. This is the first week that I have not been under >the gun to crank projects out. > >If you are having the same problem, and find a fix email me. I will do the >same. I'm not getting an error. I'm just getting cfid and cftoken set blank. This causing everyone to share the same client variables. Crystal Tech acts like they don't believe me. -- Bud Schneehagen - Tropical Web Creations, Inc. _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Web Based Solutions / eCommerce Development & Hosting http://www.twcreations.com/ - http://www.cf-ezcart.com/ 954.721.3452 - Toll Free: 877.207.6397 - Fax: 954.721.7493 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: client variables problem on MX
I think I have the same problem with client vars. But in my case one out of every ~5000 users gets an error. "null null The error occurred on line 4." Line 4 is the . Does this sound like the same problem? I have been trying to track this problem down. I saw something a few months ago in the MM forums. I have not hade time to go back and check it out. This is the first week that I have not been under the gun to crank projects out. If you are having the same problem, and find a fix email me. I will do the same. Mark W. Breneman -Macromedia Certified ColdFusion Developer -Network / Web Server Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 -Original Message- From: Bud [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 4:05 PM To: CF-Talk Subject: client variables problem on MX Hi all. I have a ticket into Crystal Tech support on this, but I thought I'd try for some feedback here also. What is happening is, client.cfid and client.cftoken are coming up blank. This is only on Windows on IE 5 and 6, and only when cookies are enabled. At login I set a client variable of client.mem_id. When the next user comes to the site using IE on Windows, he is automatically logged in as the previous user because CFID and CFTOKEN match for both (they are blank). UGH! Anyone run into this? Is this supposed to be happening? I'd expect not because it only happens on IE. Is there a way to check if cfid and/or cftoken are blank and manually set them? -- Bud Schneehagen - Tropical Web Creations, Inc. _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Web Based Solutions / eCommerce Development & Hosting http://www.twcreations.com/ - http://www.cf-ezcart.com/ 954.721.3452 - Toll Free: 877.207.6397 - Fax: 954.721.7493 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables and SSL problem
- Original Message - From: "Andre Turrettini" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, May 28, 2003 3:33 PM Subject: RE: Client variables and SSL problem > you might try appending the cfidtoken to the url on the links that move to > ssl. This would only fix it if indeed the cookie is getting lost or > something. This would probably be cleint specific and explain why it only > happens to certain accounts. > > DRE > Another good suggestion -- but already doing that. Looks like it was a conflict between client variables set when the user originally logged in using http and other times when they logged in using https -- there are a pair of client ids for most of our frequent users. Regards, John Paul Ashenfelter CTO/TransitionPoint ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables and SSL problem
- Original Message - From: "Bryan Love" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, May 28, 2003 3:18 PM Subject: RE: Client variables and SSL problem > As you know, client variables are keyed off of cfid and cftoken which MUST > be passed via cookie or url in order to maintain state. What you might not > know is that client variables are also keyed off of the application name (as > specified in ). Make sure the application name is the > same for the http site and the https site and perhaps that will fix it. > Another good suggestion, but no dice. Doublechecked the database (client variables are stored in MSSQL via ODBC) and only one application name. I *did* notice that many users have multiple clientId values (I searched through the CDATA.data field for usernames to find dupes). These map fairly well to http vs https logins and I validated the same thing from a test server -- I can watch the cfid change when I login http and login https from the same browser on the same machine. So I'm rewriting the security system now :) Regards, John Paul Ashenfelter CTO/TransitionPoint ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client variables and SSL problem
you might try appending the cfidtoken to the url on the links that move to ssl. This would only fix it if indeed the cookie is getting lost or something. This would probably be cleint specific and explain why it only happens to certain accounts. DRE > -Original Message- > From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 28, 2003 10:54 AM > To: CF-Talk > Subject: Re: Client variables and SSL problem > > > From: "Calvin Ward" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Wednesday, May 28, 2003 11:58 AM > Subject: Re: Client variables and SSL problem > > > > My inclination is that HTTPS and HTTP are considered 'seperate' > > domains. > > > > I would consider tracking down why the user is being > switched back and > > forth, and if possible keep them in one place. > > > > Calvin > > > > That was my first guess -- it certainly *IS* true for > session-scoped variables. But the problem is sporadic, not > consistent. I've got several accounts that work fine, others > than consistently don't. So it's not something that straightforward. > > Regards, > > John Paul Ashenfelter > CTO/TransitionPoint > - Original Message - > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client variables and SSL problem
As you know, client variables are keyed off of cfid and cftoken which MUST be passed via cookie or url in order to maintain state. What you might not know is that client variables are also keyed off of the application name (as specified in ). Make sure the application name is the same for the http site and the https site and perhaps that will fix it. +---+ Bryan Love Database Analyst Macromedia Certified Professional Internet Application Developer TeleCommunication Systems [EMAIL PROTECTED] +---+ "...'If there must be trouble, let it be in my day, that my child may have peace'..." - Thomas Paine, The American Crisis "Let's Roll" - Todd Beamer, Flight 93 -Original Message- From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 7:26 AM To: CF-Talk Subject: Client variables and SSL problem Hi folks, I'm working with a client who has a legacy (read that as pretty poorly written) ColdFusion 5 application and I'm experiencing some weirdness with client-scoped variables when the protocol changes from http to https (which it does somewhat randomly on their site). Client variables hold the login information. Everything works fine for users on the http portion of the site. Many users (NOT all -- some work fine) get the "you are not a registered user, please login" which is triggered by the absense of client variables when they move from the http portion of the site to https. The problem has gotten worse recently, which correlates with some changes I have made. I enabled "setDomainCookies" since the site is moving to a cluster. I moved the physical location of the client variable storage from one MSSQL database (on the same box) to a dedicated database server -- I copied the client variable storage database from the original to the new machine. I've also renamed the underlying machine for the web site (again, as part of the cluster rollout) and it's a Win2k box running Apache 1.3 and OpenSSL (which is possibly relevant since SSL/https is where the issue occurs). Any ideas? I'm coming through the code archives to see if anything else changed, but I'm puzzled. I honestly think there's some pretty bad code in the whole security process, but the site was working more reliably in the past so it can't simply be "the code is garbage". Regards, John Paul Ashenfelter CTO/TransitionPoint ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables and SSL problem
From: "Calvin Ward" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, May 28, 2003 11:58 AM Subject: Re: Client variables and SSL problem > My inclination is that HTTPS and HTTP are considered 'seperate' domains. > > I would consider tracking down why the user is being switched back and > forth, and if possible keep them in one place. > > Calvin > That was my first guess -- it certainly *IS* true for session-scoped variables. But the problem is sporadic, not consistent. I've got several accounts that work fine, others than consistently don't. So it's not something that straightforward. Regards, John Paul Ashenfelter CTO/TransitionPoint - Original Message - ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client variables and SSL problem
My inclination is that HTTPS and HTTP are considered 'seperate' domains. I would consider tracking down why the user is being switched back and forth, and if possible keep them in one place. Calvin - Original Message - From: "John Paul Ashenfelter" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, May 28, 2003 10:25 AM Subject: Client variables and SSL problem > Hi folks, > > I'm working with a client who has a legacy (read that as pretty poorly written) ColdFusion 5 application and I'm experiencing some weirdness with client-scoped variables when the protocol changes from http to https (which it does somewhat randomly on their site). > > Client variables hold the login information. Everything works fine for users on the http portion of the site. Many users (NOT all -- some work fine) get the "you are not a registered user, please login" which is triggered by the absense of client variables when they move from the http portion of the site to https. > > The problem has gotten worse recently, which correlates with some changes I have made. I enabled "setDomainCookies" since the site is moving to a cluster. I moved the physical location of the client variable storage from one MSSQL database (on the same box) to a dedicated database server -- I copied the client variable storage database from the original to the new machine. I've also renamed the underlying machine for the web site (again, as part of the cluster rollout) and it's a Win2k box running Apache 1.3 and OpenSSL (which is possibly relevant since SSL/https is where the issue occurs). > > Any ideas? I'm coming through the code archives to see if anything else changed, but I'm puzzled. I honestly think there's some pretty bad code in the whole security process, but the site was working more reliably in the past so it can't simply be "the code is garbage". > > Regards, > > John Paul Ashenfelter > CTO/TransitionPoint > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
That is correct... The CF5.0 does tend to give out the same CFTOKENs/CFID pairs which cause a lot of security issues when you're relying soley on the CFTOKEN/CFID pair to be unique. There is an article on MM's site that tells you how to edit your registry to move your CFTOKENs to a 32 Bit UUID...and on top of that, we implemented a UUID Pair Value System outside of the CFID/CFTOKEN system that plants a Unique UUID() on the Customer's machine and sets a client variable to the same. If they ever become out of sync, we reset their CFTOKEN/CFID Pair and start over. It seems to have resolved the issue. Even with th 32Bit UUID for the CFTOKEN, we were still getting the odd complaint of client variable swapping/session swapping. On top of that we also followed Ebay's & as someone mentioned Amazon's example of forcing login to edit/view all sensitive data. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
Howard Owens wrote: >It seems like this wouldn't work in on clustered servers, if I >understand your suggestion correctly -- to check for the >session var on interior pages. But it does with a cvar. Of course you have to expire the thing in minutes like a session var. Got the following from Hal Helms site. Settings.SessionLasts is a numeric value taken from a query: ...expire your session-specific cvars here... --- Matt Robertson, [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- -- Original Message -- From: "Owens, Howard" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] date: Thu, 30 Jan 2003 15:09:48 -0800 > >H. > > >> -Original Message- >> From:Tilbrook, Peter [SMTP:[EMAIL PROTECTED]] >> Sent:Thursday, January 30, 2003 3:01 PM >> To: CF-Talk >> Subject: RE: Client Variables - Serious Problem >> >> You need a way to detect if a browser has come into the site correctly, >> ideally the home page, so set a Session variable on the home page >> somewhere. >> At the top of your other pages test if this variable exists and if it >> doesn't do a CFLOCATION to the home page with ADDUURL="yes". >> >> -Original Message- >> From: Webmaster [mailto:[EMAIL PROTECTED]] >> Sent: Friday, 31 January 2003 9:46 AM >> To: CF-Talk >> Subject: Re: Client Variables - Serious Problem >> >> > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
It seems like this wouldn't work in on clustered servers, if I understand your suggestion correctly -- to check for the session var on interior pages. H. > -Original Message- > From: Tilbrook, Peter [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 3:01 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > You need a way to detect if a browser has come into the site correctly, > ideally the home page, so set a Session variable on the home page > somewhere. > At the top of your other pages test if this variable exists and if it > doesn't do a CFLOCATION to the home page with ADDUURL="yes". > > -Original Message- > From: Webmaster [mailto:[EMAIL PROTECTED]] > Sent: Friday, 31 January 2003 9:46 AM > To: CF-Talk > Subject: Re: Client Variables - Serious Problem > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
You need a way to detect if a browser has come into the site correctly, ideally the home page, so set a Session variable on the home page somewhere. At the top of your other pages test if this variable exists and if it doesn't do a CFLOCATION to the home page with ADDUURL="yes". -Original Message- From: Webmaster [mailto:[EMAIL PROTECTED]] Sent: Friday, 31 January 2003 9:46 AM To: CF-Talk Subject: Re: Client Variables - Serious Problem Someone emailed the URL to someone else or a search engine has a link with the full url, cftoken included. We have a customer that will not allow cookies, for good reasons. So we have to use the URL to pass the CFID. We use client vars to track the session because session vars don't work behind a load balancer without cookies. (Specially if the uses IP address is different for each request (AOL, IBM etc)... So, you will run into a problem if someone emails the URL with the cftoken in it or a search engine gets it. Now anyone using that search engine and clicks on the link with the URLTOKEN in it will take on the personality associated with that token. What we did was added code to the application.cfm to check for the referrer. If the referrer is blank, which it will be if coming from an email, or if the referrer is not my host name, we clear the client.cfltoken vars. This gives them a new cftoken. This seems to work, however, some browsers do not pass the referrer. So, we are still looking for an optimal solution. If only we could use cookies, this would solve the problem. By the way. Amazon.com also has this problem because they work without cookies also, so we are not alone. 1: Go to Amazon.com 2: Put something in your cart. 3: Now send that URL to someone, or put it into another machine you have locally. 4: Now delete the cart. 5: go back to your first machine, and your cart is gone. So if you email the URL to show someone the cart, they can delete it. If that URL gets into a search engine, it can cause grief for a few days. This should not happen often so Amazon is not going to try to fix the problem. This is why Amazon forces you to enter your email and password every time on check out, even if you have cookies enabled... - Original Message - From: "Paul Giesenhagen" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 4:41 PM Subject: Re: Client Variables - Serious Problem > Currently I pass every link like this: > > Link > > I will try your suggestion. > > NOTE: I just recieved an email from a user who said someone knew all > their personal information ... sooo this is looking like a huge > problem. > > Thank you > Paul Giesenhagen > QuillDesign > > - Original Message - > From: "Owens, Howard" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, January 30, 2003 3:31 PM > Subject: RE: Client Variables - Serious Problem > > > > Paul: > > > > Are you on a cluster of servers? > > > > Also, how are you tracking CFID, CFTOKEN. > > > > I've found for the most stable success, I need to appened > #client.URLTOKEN# > > to every URL, including those passed in FORMS, and I also got better > results > > by dropping this on my Application.cfm page (at the suggestion of a > > list > > member): > > > > > clientmanagement="yes" > >setclientcookies="yes" clientstorage="dbClientVars" > > SETDOMAINCOOKIES="true"> > > > > followed by > > > > > > > secure="Yes"> > > > > Hope this helps. > > > > H. > > > > > > > -Original Message- > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > Sent: Thursday, January 30, 2003 1:08 PM > > > To: CF-Talk > > > Subject: Client Variables - Serious Problem > > > > > > Question: > > > > > > I am using client variables to login users and keep their > > > information while roaming the site. The problem is I just went > > > into the site and it > > > had me logged as another user of the site... Below is the code I > > > am > using > > > to login in a user I haven't used the client variables alot > > > so if > you > > > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > > > > > > output="client.member"> > > > > > > > > > > > > > > > > > > > > > > > > > > > &
RE: Client Variables - Serious Problem
Good info ... I like the idea of resetting the client vars in the application.cfm. I would say that depending on the application, if referrers are blocked, it may not be a major issue, though I could see where this would be a problem for, say, a shopping cart. This reminds me, too, of why, on an auction app I built, I require explicit logins for each and every bid (password only), and each and every time a user returns to check his current bid page. H. > -Original Message- > From: Webmaster [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 2:46 PM > To: CF-Talk > Subject: Re: Client Variables - Serious Problem > > Someone emailed the URL to someone else or a search engine has a link with > the full url, cftoken included. > > We have a customer that will not allow cookies, for good reasons. So we > have to use the URL to pass the CFID. We use client vars to track the > session because session vars don't work behind a load balancer without > cookies. (Specially if the uses IP address is different for each request > (AOL, IBM etc)... > So, you will run into a problem if someone emails the URL with the > cftoken > in it or a search engine gets it. Now anyone using that search engine and > clicks on the link with the URLTOKEN in it will take on the personality > associated with that token. > > What we did was added code to the application.cfm to check for the > referrer. If the referrer is blank, which it will be if coming from an > email, or if the referrer is not my host name, we clear the > client.cfltoken > vars. This gives them a new cftoken. This seems to work, however, some > browsers do not pass the referrer. So, we are still looking for an > optimal > solution. If only we could use cookies, this would solve the problem. > > By the way. Amazon.com also has this problem because they work without > cookies also, so we are not alone. > 1: Go to Amazon.com > 2: Put something in your cart. > 3: Now send that URL to someone, or put it into another machine you have > locally. > 4: Now delete the cart. > 5: go back to your first machine, and your cart is gone. > So if you email the URL to show someone the cart, they can delete it. If > that URL gets into a search engine, it can cause grief for a few days. > This should not happen often so Amazon is not going to try to fix the > problem. > This is why Amazon forces you to enter your email and password every time > on > check out, even if you have cookies enabled... > > > > - Original Message - > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, January 30, 2003 4:41 PM > Subject: Re: Client Variables - Serious Problem > > > > Currently I pass every link like this: > > > > Link > > > > I will try your suggestion. > > > > NOTE: I just recieved an email from a user who said someone knew all > their > > personal information ... sooo this is looking like a huge problem. > > > > Thank you > > Paul Giesenhagen > > QuillDesign > > > > - Original Message - > > From: "Owens, Howard" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Thursday, January 30, 2003 3:31 PM > > Subject: RE: Client Variables - Serious Problem > > > > > > > Paul: > > > > > > Are you on a cluster of servers? > > > > > > Also, how are you tracking CFID, CFTOKEN. > > > > > > I've found for the most stable success, I need to appened > > #client.URLTOKEN# > > > to every URL, including those passed in FORMS, and I also got better > > results > > > by dropping this on my Application.cfm page (at the suggestion of a > list > > > member): > > > > > > > > clientmanagement="yes" > > >setclientcookies="yes" > > > clientstorage="dbClientVars" > > > SETDOMAINCOOKIES="true"> > > > > > > followed by > > > > > > > > > secure="Yes"> > > > > > > Hope this helps. > > > > > > H. > > > > > > > > > > -Original Message- > > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > > Sent: Thursday, January 30, 2003 1:08 PM > > > > To: CF-Talk > > > > Subject: Client Variables - Serious Problem > > > > > > > > Question: > > > > > > > > I am using client variables to login users and keep their &g
RE: Client Variables - Serious Problem
It should, but I haven't fully tested it ... but anonymizer, as I understand it, deals merely with cookies and HTTP headers and CGI variables, but not URL strings. So if your tokens are passed in the strings, they should persist and help you maintain state. Probably the only place you'd loose state is across user sessions, which means users would need to explicitly log in for every session, if state-type variables are necessary for each client across multiple sessions. And remember, you can do H. > -Original Message- > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 2:40 PM > To: CF-Talk > Subject: Re: Client Variables - Serious Problem > > So making sure EVERY link is passing the #urlToken# keeps you safe ... > even > from something like anonymizer? > > Paul Giesenhagen > QuillDesign > > - Original Message - > From: "Owens, Howard" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, January 30, 2003 4:29 PM > Subject: RE: Client Variables - Serious Problem > > > > It's merely a back up ... to help the browser remember ... > > > > Of course, if the user is using something like anonymizer, then even > this > > isn't going to help, except explicitly passing the variables. > > > > H. > > > > > > > -Original Message- > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > Sent: Thursday, January 30, 2003 2:22 PM > > > To: CF-Talk > > > Subject: Re: Client Variables - Serious Problem > > > > > > Why does the cfcookie in the application.cfm file fix the problem?!?! > > > What > > > if they have cookies turned off? > > > > > > Paul Giesenhagen > > > QuillDesign > > > - Original Message - > > > From: "Owens, Howard" <[EMAIL PROTECTED]> > > > To: "CF-Talk" <[EMAIL PROTECTED]> > > > Sent: Thursday, January 30, 2003 4:08 PM > > > Subject: RE: Client Variables - Serious Problem > > > > > > > > > > No need to do that ... > > > > > > > > The code I gave you solved my problem ... which is the exact same > > > problem > > > > you are having. I've been through this, and a combination of things > I > > > got > > > > from this list, and my own guessing, I came up with the system I > know > > > use. > > > > > > > > In fact, I've gained so much confidence in this system that I no > longer > > > use > > > > session variables, which require locking (extra, confusing code). > If > I > > > need > > > > to pass complex data types, I juse WDDX. I no longer have issues of > > > users > > > > getting mixed up (knock on wood), whether its a clustered server > > > environ, > > > or > > > > single server. > > > > > > > > H. > > > > > > > > > > > > > -Original Message- > > > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > > > Sent: Thursday, January 30, 2003 2:08 PM > > > > > To: CF-Talk > > > > > Subject: Re: Client Variables - Serious Problem > > > > > > > > > > Well, I am storing them in the DB... I think I am missing > something > > > on > > > > > Client Variables .. (which I hang my head :) > > > > > > > > > > Should I be keeping the key CFID associated with the memberID in > the > > > db? > > > > > > > > > > Paul Giesenhagen > > > > > QuillDesign > > > > > > > > > > - Original Message - > > > > > From: "Matt Robertson" <[EMAIL PROTECTED]> > > > > > To: "CF-Talk" <[EMAIL PROTECTED]> > > > > > Sent: Thursday, January 30, 2003 4:03 PM > > > > > Subject: Re: Client Variables - Serious Problem > > > > > > > > > > > > > > > > While the symptoms Paul described are indeed similar to a > failure > to > > > > > lock > > > > > a session variable, listen to Ray and remember his level of > > > > > involvement/expertise with CF. Since client vars are stored in a > > > > > database, > > > > > a special mini-db in the registry or cookies, you have no shared > > > memory > > > > >
Re: Client Variables - Serious Problem
Someone emailed the URL to someone else or a search engine has a link with the full url, cftoken included. We have a customer that will not allow cookies, for good reasons. So we have to use the URL to pass the CFID. We use client vars to track the session because session vars don't work behind a load balancer without cookies. (Specially if the uses IP address is different for each request (AOL, IBM etc)... So, you will run into a problem if someone emails the URL with the cftoken in it or a search engine gets it. Now anyone using that search engine and clicks on the link with the URLTOKEN in it will take on the personality associated with that token. What we did was added code to the application.cfm to check for the referrer. If the referrer is blank, which it will be if coming from an email, or if the referrer is not my host name, we clear the client.cfltoken vars. This gives them a new cftoken. This seems to work, however, some browsers do not pass the referrer. So, we are still looking for an optimal solution. If only we could use cookies, this would solve the problem. By the way. Amazon.com also has this problem because they work without cookies also, so we are not alone. 1: Go to Amazon.com 2: Put something in your cart. 3: Now send that URL to someone, or put it into another machine you have locally. 4: Now delete the cart. 5: go back to your first machine, and your cart is gone. So if you email the URL to show someone the cart, they can delete it. If that URL gets into a search engine, it can cause grief for a few days. This should not happen often so Amazon is not going to try to fix the problem. This is why Amazon forces you to enter your email and password every time on check out, even if you have cookies enabled... - Original Message - From: "Paul Giesenhagen" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 4:41 PM Subject: Re: Client Variables - Serious Problem > Currently I pass every link like this: > > Link > > I will try your suggestion. > > NOTE: I just recieved an email from a user who said someone knew all their > personal information ... sooo this is looking like a huge problem. > > Thank you > Paul Giesenhagen > QuillDesign > > - Original Message - > From: "Owens, Howard" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, January 30, 2003 3:31 PM > Subject: RE: Client Variables - Serious Problem > > > > Paul: > > > > Are you on a cluster of servers? > > > > Also, how are you tracking CFID, CFTOKEN. > > > > I've found for the most stable success, I need to appened > #client.URLTOKEN# > > to every URL, including those passed in FORMS, and I also got better > results > > by dropping this on my Application.cfm page (at the suggestion of a list > > member): > > > > > clientmanagement="yes" > >setclientcookies="yes" > > clientstorage="dbClientVars" > > SETDOMAINCOOKIES="true"> > > > > followed by > > > > > > > > > > Hope this helps. > > > > H. > > > > > > > -Original Message- > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > Sent: Thursday, January 30, 2003 1:08 PM > > > To: CF-Talk > > > Subject: Client Variables - Serious Problem > > > > > > Question: > > > > > > I am using client variables to login users and keep their information > > > while roaming the site. The problem is I just went into the site and it > > > had me logged as another user of the site... Below is the code I am > using > > > to login in a user I haven't used the client variables alot so if > you > > > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > When I opened my browser and went to the site, It thought i was a > > > different user ... how could something like this have happened?? > > > > > > Any help or if you all need more information, please let me konw. > > > > > > (Win2K, CF5 - Single Machine) > > > > > > Thank you > > > Paul Giesenhagen > > > QuillDesign > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
So making sure EVERY link is passing the #urlToken# keeps you safe ... even from something like anonymizer? Paul Giesenhagen QuillDesign - Original Message - From: "Owens, Howard" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 4:29 PM Subject: RE: Client Variables - Serious Problem > It's merely a back up ... to help the browser remember ... > > Of course, if the user is using something like anonymizer, then even this > isn't going to help, except explicitly passing the variables. > > H. > > > > -Original Message- > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 2:22 PM > > To: CF-Talk > > Subject: Re: Client Variables - Serious Problem > > > > Why does the cfcookie in the application.cfm file fix the problem?!?! > > What > > if they have cookies turned off? > > > > Paul Giesenhagen > > QuillDesign > > - Original Message - > > From: "Owens, Howard" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Thursday, January 30, 2003 4:08 PM > > Subject: RE: Client Variables - Serious Problem > > > > > > > No need to do that ... > > > > > > The code I gave you solved my problem ... which is the exact same > > problem > > > you are having. I've been through this, and a combination of things I > > got > > > from this list, and my own guessing, I came up with the system I know > > use. > > > > > > In fact, I've gained so much confidence in this system that I no longer > > use > > > session variables, which require locking (extra, confusing code). If I > > need > > > to pass complex data types, I juse WDDX. I no longer have issues of > > users > > > getting mixed up (knock on wood), whether its a clustered server > > environ, > > or > > > single server. > > > > > > H. > > > > > > > > > > -Original Message- > > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > > Sent: Thursday, January 30, 2003 2:08 PM > > > > To: CF-Talk > > > > Subject: Re: Client Variables - Serious Problem > > > > > > > > Well, I am storing them in the DB... I think I am missing something > > on > > > > Client Variables .. (which I hang my head :) > > > > > > > > Should I be keeping the key CFID associated with the memberID in the > > db? > > > > > > > > Paul Giesenhagen > > > > QuillDesign > > > > > > > > - Original Message - > > > > From: "Matt Robertson" <[EMAIL PROTECTED]> > > > > To: "CF-Talk" <[EMAIL PROTECTED]> > > > > Sent: Thursday, January 30, 2003 4:03 PM > > > > Subject: Re: Client Variables - Serious Problem > > > > > > > > > > > > > While the symptoms Paul described are indeed similar to a failure to > > > > lock > > > > a session variable, listen to Ray and remember his level of > > > > involvement/expertise with CF. Since client vars are stored in a > > > > database, > > > > a special mini-db in the registry or cookies, you have no shared > > memory > > > > issues or race condition issues and no need to lock. None. Zilch. > > > > Bupkus. > > > > > > > > > > Now, with that said, Paul how are you storing those self-same cvars, > > and > > > > how are you keeping track of your key pair? This problem is unusual > > > > indeed. > > > > > > > > > > ----------- > > > > > Matt Robertson, [EMAIL PROTECTED] > > > > > MSB Designs, Inc. http://mysecretbase.com > > > > > --- > > > > > > > > > > > > > > > -- Original Message -- > > > > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > > > > > Reply-To: [EMAIL PROTECTED] > > > > > date: Thu, 30 Jan 2003 15:51:55 -0600 > > > > > > > > > > >Gel, > > > > > > > > > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond > > was > > > > part > > > > > >of the development of CF .
RE: Client Variables - Serious Problem
It's merely a back up ... to help the browser remember ... Of course, if the user is using something like anonymizer, then even this isn't going to help, except explicitly passing the variables. H. > -Original Message- > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 2:22 PM > To: CF-Talk > Subject: Re: Client Variables - Serious Problem > > Why does the cfcookie in the application.cfm file fix the problem?!?! > What > if they have cookies turned off? > > Paul Giesenhagen > QuillDesign > - Original Message - > From: "Owens, Howard" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, January 30, 2003 4:08 PM > Subject: RE: Client Variables - Serious Problem > > > > No need to do that ... > > > > The code I gave you solved my problem ... which is the exact same > problem > > you are having. I've been through this, and a combination of things I > got > > from this list, and my own guessing, I came up with the system I know > use. > > > > In fact, I've gained so much confidence in this system that I no longer > use > > session variables, which require locking (extra, confusing code). If I > need > > to pass complex data types, I juse WDDX. I no longer have issues of > users > > getting mixed up (knock on wood), whether its a clustered server > environ, > or > > single server. > > > > H. > > > > > > > -Original Message- > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > > Sent: Thursday, January 30, 2003 2:08 PM > > > To: CF-Talk > > > Subject: Re: Client Variables - Serious Problem > > > > > > Well, I am storing them in the DB... I think I am missing something > on > > > Client Variables .. (which I hang my head :) > > > > > > Should I be keeping the key CFID associated with the memberID in the > db? > > > > > > Paul Giesenhagen > > > QuillDesign > > > > > > - Original Message - > > > From: "Matt Robertson" <[EMAIL PROTECTED]> > > > To: "CF-Talk" <[EMAIL PROTECTED]> > > > Sent: Thursday, January 30, 2003 4:03 PM > > > Subject: Re: Client Variables - Serious Problem > > > > > > > > > > While the symptoms Paul described are indeed similar to a failure to > > > lock > > > a session variable, listen to Ray and remember his level of > > > involvement/expertise with CF. Since client vars are stored in a > > > database, > > > a special mini-db in the registry or cookies, you have no shared > memory > > > issues or race condition issues and no need to lock. None. Zilch. > > > Bupkus. > > > > > > > > Now, with that said, Paul how are you storing those self-same cvars, > and > > > how are you keeping track of your key pair? This problem is unusual > > > indeed. > > > > > > > > --- > > > > Matt Robertson, [EMAIL PROTECTED] > > > > MSB Designs, Inc. http://mysecretbase.com > > > > --- > > > > > > > > > > > > -- Original Message -- > > > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > > > > Reply-To: [EMAIL PROTECTED] > > > > date: Thu, 30 Jan 2003 15:51:55 -0600 > > > > > > > > >Gel, > > > > > > > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond > was > > > part > > > > >of the development of CF ..:) > > > > > > > > > >Paul Giesenhagen > > > > >QuillDesign > > > > > > > > > >- Original Message - > > > > >From: "Angel Stewart" <[EMAIL PROTECTED]> > > > > >To: "CF-Talk" <[EMAIL PROTECTED]> > > > > >Sent: Thursday, January 30, 2003 3:45 PM > > > > >Subject: RE: Client Variables - Serious Problem > > > > > > > > > > > > > > >> *folds arms* > > > > >> Oh yes you do! > > > > >> > > > > >> When you set them and read them! > > > > >> > > > > >> -Gel > > > > >> > > > > >> > > > > >> -Original Message- > > > > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]] > > > > >> > > > > >> Um, no, you don't. > > > > >> > > > > >> > > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
Paul, Like Howard mentioned, I think this is a problem with how you are maintaining state rather than cvars themselves. Here's a cfapplication statement from one of my apps that is running on a single server and maintaining state via cvars: Later on in application.cfm I do this: So if it finds a different value in the cookie versus whatever is current it resets the session ID back to the cookie value. Between those two things I never have any problems with losing the key pair, although appending all urls as mentioned and testing all three or something like that would be safest. --- Matt Robertson, [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- -- Original Message -- From: "Paul Giesenhagen" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] date: Thu, 30 Jan 2003 16:08:11 -0600 >Well, I am storing them in the DB... I think I am missing something on >Client Variables .. (which I hang my head :) > >Should I be keeping the key CFID associated with the memberID in the db? > >Paul Giesenhagen >QuillDesign > >- Original Message - >From: "Matt Robertson" <[EMAIL PROTECTED]> >To: "CF-Talk" <[EMAIL PROTECTED]> >Sent: Thursday, January 30, 2003 4:03 PM >Subject: Re: Client Variables - Serious Problem > > >> While the symptoms Paul described are indeed similar to a failure to lock >a session variable, listen to Ray and remember his level of >involvement/expertise with CF. Since client vars are stored in a database, >a special mini-db in the registry or cookies, you have no shared memory >issues or race condition issues and no need to lock. None. Zilch. Bupkus. >> >> Now, with that said, Paul how are you storing those self-same cvars, and >how are you keeping track of your key pair? This problem is unusual indeed. >> >> --- >> Matt Robertson, [EMAIL PROTECTED] >> MSB Designs, Inc. http://mysecretbase.com >> --- >> >> >> -- Original Message -- >> From: "Paul Giesenhagen" <[EMAIL PROTECTED]> >> Reply-To: [EMAIL PROTECTED] >> date: Thu, 30 Jan 2003 15:51:55 -0600 >> >> >Gel, >> > >> >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was >part >> >of the development of CF ..:) >> > >> >Paul Giesenhagen >> >QuillDesign >> > >> >- Original Message - >> >From: "Angel Stewart" <[EMAIL PROTECTED]> >> >To: "CF-Talk" <[EMAIL PROTECTED]> >> >Sent: Thursday, January 30, 2003 3:45 PM >> >Subject: RE: Client Variables - Serious Problem >> > >> > >> >> *folds arms* >> >> Oh yes you do! >> >> >> >> When you set them and read them! >> >> >> >> -Gel >> >> >> >> >> >> -Original Message- >> >> From: Raymond Camden [mailto:[EMAIL PROTECTED]] >> >> >> >> Um, no, you don't. >> >> >> >> >> > >> > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
Why does the cfcookie in the application.cfm file fix the problem?!?! What if they have cookies turned off? Paul Giesenhagen QuillDesign - Original Message - From: "Owens, Howard" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 4:08 PM Subject: RE: Client Variables - Serious Problem > No need to do that ... > > The code I gave you solved my problem ... which is the exact same problem > you are having. I've been through this, and a combination of things I got > from this list, and my own guessing, I came up with the system I know use. > > In fact, I've gained so much confidence in this system that I no longer use > session variables, which require locking (extra, confusing code). If I need > to pass complex data types, I juse WDDX. I no longer have issues of users > getting mixed up (knock on wood), whether its a clustered server environ, or > single server. > > H. > > > > -Original Message- > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 2:08 PM > > To: CF-Talk > > Subject: Re: Client Variables - Serious Problem > > > > Well, I am storing them in the DB... I think I am missing something on > > Client Variables .. (which I hang my head :) > > > > Should I be keeping the key CFID associated with the memberID in the db? > > > > Paul Giesenhagen > > QuillDesign > > > > - Original Message - > > From: "Matt Robertson" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Thursday, January 30, 2003 4:03 PM > > Subject: Re: Client Variables - Serious Problem > > > > > > > While the symptoms Paul described are indeed similar to a failure to > > lock > > a session variable, listen to Ray and remember his level of > > involvement/expertise with CF. Since client vars are stored in a > > database, > > a special mini-db in the registry or cookies, you have no shared memory > > issues or race condition issues and no need to lock. None. Zilch. > > Bupkus. > > > > > > Now, with that said, Paul how are you storing those self-same cvars, and > > how are you keeping track of your key pair? This problem is unusual > > indeed. > > > > > > --- > > > Matt Robertson, [EMAIL PROTECTED] > > > MSB Designs, Inc. http://mysecretbase.com > > > --- > > > > > > > > > -- Original Message -- > > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > > > Reply-To: [EMAIL PROTECTED] > > > date: Thu, 30 Jan 2003 15:51:55 -0600 > > > > > > >Gel, > > > > > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was > > part > > > >of the development of CF ..:) > > > > > > > >Paul Giesenhagen > > > >QuillDesign > > > > > > > >- Original Message - > > > >From: "Angel Stewart" <[EMAIL PROTECTED]> > > > >To: "CF-Talk" <[EMAIL PROTECTED]> > > > >Sent: Thursday, January 30, 2003 3:45 PM > > > >Subject: RE: Client Variables - Serious Problem > > > > > > > > > > > >> *folds arms* > > > >> Oh yes you do! > > > >> > > > >> When you set them and read them! > > > >> > > > >> -Gel > > > >> > > > >> > > > >> -Original Message- > > > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]] > > > >> > > > >> Um, no, you don't. > > > >> > > > >> > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
No need to do that ... The code I gave you solved my problem ... which is the exact same problem you are having. I've been through this, and a combination of things I got from this list, and my own guessing, I came up with the system I know use. In fact, I've gained so much confidence in this system that I no longer use session variables, which require locking (extra, confusing code). If I need to pass complex data types, I juse WDDX. I no longer have issues of users getting mixed up (knock on wood), whether its a clustered server environ, or single server. H. > -Original Message- > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 2:08 PM > To: CF-Talk > Subject: Re: Client Variables - Serious Problem > > Well, I am storing them in the DB... I think I am missing something on > Client Variables .. (which I hang my head :) > > Should I be keeping the key CFID associated with the memberID in the db? > > Paul Giesenhagen > QuillDesign > > - Original Message - > From: "Matt Robertson" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, January 30, 2003 4:03 PM > Subject: Re: Client Variables - Serious Problem > > > > While the symptoms Paul described are indeed similar to a failure to > lock > a session variable, listen to Ray and remember his level of > involvement/expertise with CF. Since client vars are stored in a > database, > a special mini-db in the registry or cookies, you have no shared memory > issues or race condition issues and no need to lock. None. Zilch. > Bupkus. > > > > Now, with that said, Paul how are you storing those self-same cvars, and > how are you keeping track of your key pair? This problem is unusual > indeed. > > > > --- > > Matt Robertson, [EMAIL PROTECTED] > > MSB Designs, Inc. http://mysecretbase.com > > --- > > > > > > -- Original Message -- > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > date: Thu, 30 Jan 2003 15:51:55 -0600 > > > > >Gel, > > > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was > part > > >of the development of CF ..:) > > > > > >Paul Giesenhagen > > >QuillDesign > > > > > >- Original Message - > > >From: "Angel Stewart" <[EMAIL PROTECTED]> > > >To: "CF-Talk" <[EMAIL PROTECTED]> > > >Sent: Thursday, January 30, 2003 3:45 PM > > >Subject: RE: Client Variables - Serious Problem > > > > > > > > >> *folds arms* > > >> Oh yes you do! > > >> > > >> When you set them and read them! > > >> > > >> -Gel > > >> > > >> > > >> -Original Message- > > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]] > > >> > > >> Um, no, you don't. > > >> > > >> > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
It's worth mentioning that with framesets in particular it is possible to have multiple requests from the client running at the same time. This can cause problems with the way that client variables work (at least as I understand it). A normal request goes like this: 1) CF reads the client variables from somehwere (cookie, db, whatever) 2) CF sets the client variables into a 'scope' that is analogous to the request scope 3) the request processes 4) CF copies the client variables from the client 'scope' back into somewhere. No big deal there, unless you get a second request (b) that arrives at the server before the first request (a) is finished. It won't have access to any values that the first request set, because they haven't been written back to the database yet. You get a timeline like this: a1 read a2 set b1 read b2 set a3 process a4 write b3 process b4 write Thus request b can overwrite any variable set by request a, and no one will ever know. If anyone cares to prove me incorrect, I'd LOVE to hear it. Definitely set my mind at ease. barneyb > -Original Message- > From: Owens, Howard [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 1:49 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > > You don't have to lock client variables ... why? Because the tracking > mechanism is more physical than virtual, is the best way I can > think to put > it. > > With session variables, the tracking mech is stored in the servers memory, > and the mem can get confused with all of those concurrent users. > > With client vars, they are stored either in the registery, a db, > or cookies. > This puts each cfid/token pair in it's own little sandbox, as it > were. The > client's browser (which isn't going to have any sharing/concurrent users) > does the job of remembering what its own cfid/token pair is. The > browser is > really doing all the heavy lifting, which is why they are called client > variables. However, since I've learned the hard way that the > browser has a > tendency to drop the ball (possibly because of user configurations), it's > necessary explicitly pass URLTOKENS, set client cookies and > properly set up > your CFApp tag (see previous post). > > I'm with Camden on this one. No you don't lock client vars. > > H. > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
Well, I am storing them in the DB... I think I am missing something on Client Variables .. (which I hang my head :) Should I be keeping the key CFID associated with the memberID in the db? Paul Giesenhagen QuillDesign - Original Message - From: "Matt Robertson" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 4:03 PM Subject: Re: Client Variables - Serious Problem > While the symptoms Paul described are indeed similar to a failure to lock a session variable, listen to Ray and remember his level of involvement/expertise with CF. Since client vars are stored in a database, a special mini-db in the registry or cookies, you have no shared memory issues or race condition issues and no need to lock. None. Zilch. Bupkus. > > Now, with that said, Paul how are you storing those self-same cvars, and how are you keeping track of your key pair? This problem is unusual indeed. > > --- > Matt Robertson, [EMAIL PROTECTED] > MSB Designs, Inc. http://mysecretbase.com > --- > > > -- Original Message -- > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > date: Thu, 30 Jan 2003 15:51:55 -0600 > > >Gel, > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was part > >of the development of CF ..:) > > > >Paul Giesenhagen > >QuillDesign > > > >- Original Message - > >From: "Angel Stewart" <[EMAIL PROTECTED]> > >To: "CF-Talk" <[EMAIL PROTECTED]> > >Sent: Thursday, January 30, 2003 3:45 PM > >Subject: RE: Client Variables - Serious Problem > > > > > >> *folds arms* > >> Oh yes you do! > >> > >> When you set them and read them! > >> > >> -Gel > >> > >> > >> -Original Message- > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]] > >> > >> Um, no, you don't. > >> > >> > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
While the symptoms Paul described are indeed similar to a failure to lock a session variable, listen to Ray and remember his level of involvement/expertise with CF. Since client vars are stored in a database, a special mini-db in the registry or cookies, you have no shared memory issues or race condition issues and no need to lock. None. Zilch. Bupkus. Now, with that said, Paul how are you storing those self-same cvars, and how are you keeping track of your key pair? This problem is unusual indeed. --- Matt Robertson, [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- -- Original Message -- From: "Paul Giesenhagen" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] date: Thu, 30 Jan 2003 15:51:55 -0600 >Gel, > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was part >of the development of CF ..:) > >Paul Giesenhagen >QuillDesign > >- Original Message - >From: "Angel Stewart" <[EMAIL PROTECTED]> >To: "CF-Talk" <[EMAIL PROTECTED]> >Sent: Thursday, January 30, 2003 3:45 PM >Subject: RE: Client Variables - Serious Problem > > >> *folds arms* >> Oh yes you do! >> >> When you set them and read them! >> >> -Gel >> >> >> -Original Message- >> From: Raymond Camden [mailto:[EMAIL PROTECTED]] >> >> Um, no, you don't. >> >> > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
*nervous chuckle* Oh..well gee... I was just taking my own advice and reading the archives and I see that you need to lock the application and session scope..but not necessarily the client or Request scopes.. Heh.. 0_0 Whoops! *nervous laugh* Ooookiees...no muffins for me huh? Bad Gel..Bad bad bad gel. *sneaks back to cfcommunity list* -Gel -Original Message- From: Angel Stewart [mailto:[EMAIL PROTECTED]] *folds arms* Oh yes you do! When you set them and read them! -Gel -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Um, no, you don't. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
You don't have to lock client variables ... why? Because the tracking mechanism is more physical than virtual, is the best way I can think to put it. With session variables, the tracking mech is stored in the servers memory, and the mem can get confused with all of those concurrent users. With client vars, they are stored either in the registery, a db, or cookies. This puts each cfid/token pair in it's own little sandbox, as it were. The client's browser (which isn't going to have any sharing/concurrent users) does the job of remembering what its own cfid/token pair is. The browser is really doing all the heavy lifting, which is why they are called client variables. However, since I've learned the hard way that the browser has a tendency to drop the ball (possibly because of user configurations), it's necessary explicitly pass URLTOKENS, set client cookies and properly set up your CFApp tag (see previous post). I'm with Camden on this one. No you don't lock client vars. H. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
Actually, before this turns into an all-out flame war, I think that Angel should find a post in the archives about correct locking practices where it says to lock client variables. Matthew Small IT Supervisor Showstopper National Dance Competitions 3660 Old Kings Hwy Murrells Inlet, SC 29576 843-357-1847 http://www.showstopperonline.com -Original Message- From: Angel Stewart [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:46 PM To: CF-Talk Subject: RE: Client Variables - Serious Problem *folds arms* Oh yes you do! When you set them and read them! -Gel -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Um, no, you don't. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
Gel, Sorry, I know you don't lock'm ... but also keep in mind, Raymond was part of the development of CF ..:) Paul Giesenhagen QuillDesign - Original Message - From: "Angel Stewart" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 3:45 PM Subject: RE: Client Variables - Serious Problem > *folds arms* > Oh yes you do! > > When you set them and read them! > > -Gel > > > -Original Message- > From: Raymond Camden [mailto:[EMAIL PROTECTED]] > > Um, no, you don't. > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
so ray. if you don't, why in god's name would paul be having that problem? ...tony Tony Weeg Senior Web Developer UnCertified Advanced ColdFusion Developer Information System Design Navtrak, Inc. Mobile workforce monitoring, mapping & reporting www.navtrak.net 410.548.2337 -Original Message- From: Angel Stewart [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:46 PM To: CF-Talk Subject: RE: Client Variables - Serious Problem *folds arms* Oh yes you do! When you set them and read them! -Gel -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Um, no, you don't. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
*folds arms* Oh yes you do! When you set them and read them! -Gel -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Um, no, you don't. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
Currently I pass every link like this: Link I will try your suggestion. NOTE: I just recieved an email from a user who said someone knew all their personal information ... sooo this is looking like a huge problem. Thank you Paul Giesenhagen QuillDesign - Original Message - From: "Owens, Howard" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 3:31 PM Subject: RE: Client Variables - Serious Problem > Paul: > > Are you on a cluster of servers? > > Also, how are you tracking CFID, CFTOKEN. > > I've found for the most stable success, I need to appened #client.URLTOKEN# > to every URL, including those passed in FORMS, and I also got better results > by dropping this on my Application.cfm page (at the suggestion of a list > member): > > clientmanagement="yes" >setclientcookies="yes" > clientstorage="dbClientVars" > SETDOMAINCOOKIES="true"> > > followed by > > > > > Hope this helps. > > H. > > > > -Original Message- > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 1:08 PM > > To: CF-Talk > > Subject: Client Variables - Serious Problem > > > > Question: > > > > I am using client variables to login users and keep their information > > while roaming the site. The problem is I just went into the site and it > > had me logged as another user of the site... Below is the code I am using > > to login in a user I haven't used the client variables alot so if you > > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > When I opened my browser and went to the site, It thought i was a > > different user ... how could something like this have happened?? > > > > Any help or if you all need more information, please let me konw. > > > > (Win2K, CF5 - Single Machine) > > > > Thank you > > Paul Giesenhagen > > QuillDesign > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
ok dave watts, again, we need the gavel on this one, whats the real answer ...tony Tony Weeg Senior Web Developer UnCertified Advanced ColdFusion Developer Information System Design Navtrak, Inc. Mobile workforce monitoring, mapping & reporting www.navtrak.net 410.548.2337 -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:38 PM To: CF-Talk Subject: RE: Client Variables - Serious Problem Um, no, you don't. === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Email: [EMAIL PROTECTED] WWW : www.camdenfamily.com/morpheus Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Angel Stewart [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 3:34 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > > You do need to lock the client variables when you set them. > > Check back in the Archives for the CF=Talk list. There have > been extensive discussions about correct locking practices. > > You DO need to lock them :) > Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=2534.2422.4 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
for real? so I was right! H! really? wow, that would be cool. tony, the evil tony was right. ...tony Tony Weeg Senior Web Developer UnCertified Advanced ColdFusion Developer Information System Design Navtrak, Inc. Mobile workforce monitoring, mapping & reporting www.navtrak.net 410.548.2337 -Original Message- From: Angel Stewart [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:34 PM To: CF-Talk Subject: RE: Client Variables - Serious Problem You do need to lock the client variables when you set them. Check back in the Archives for the CF=Talk list. There have been extensive discussions about correct locking practices. You DO need to lock them :) -Gel ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
well, it was also my understanding that cf managed those variables, cookies and cfid'sso who knows...i bet ray and some others do, don't listen to me today, im the other tony, not the one who knows cold fusion. ...tony Tony Weeg Senior Web Developer UnCertified Advanced ColdFusion Developer Information System Design Navtrak, Inc. Mobile workforce monitoring, mapping & reporting www.navtrak.net 410.548.2337 -Original Message- From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:33 PM To: CF-Talk Subject: Re: Client Variables - Serious Problem So, do you see anything wrong I don't think this is a mixup on one record ... I have recieved a few emails that led me to believe that other users on the website are also having these issues. Paul Giesenhagen QuillDesign - Original Message - From: "Raymond Camden" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 3:18 PM Subject: RE: Client Variables - Serious Problem > Woah - you do not need to lock client variable access - and even if you > were to use a lock, the Server scope lock is defintely not the right one > to use. > > === > Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc > > Email: [EMAIL PROTECTED] > WWW : www.camdenfamily.com/morpheus > Yahoo IM : morpheus > > "My ally is the Force, and a powerful ally it is." - Yoda > > > -Original Message- > > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 3:15 PM > > To: CF-Talk > > Subject: RE: Client Variables - Serious Problem > > > > > > paul, paul, paulits a locking issue my friend. > > > > client scope is something that should be locked (from what I > > remember.) > > > > do this... > > > > > > > > > output="client.member"> > > > > > > > > and then this... > > > > > > > > > > > > > DeleteClientVariable("location")> > > > > > > > > > > I think this may help you ;) > > > > ...tony > > > > Tony Weeg > > Senior Web Developer > > UnCertified Advanced ColdFusion Developer > > Information System Design > > Navtrak, Inc. > > Mobile workforce monitoring, mapping & reporting > > www.navtrak.net 410.548.2337 > > > > -Original Message- > > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 4:08 PM > > To: CF-Talk > > Subject: Client Variables - Serious Problem > > > > > > Question: > > > > I am using client variables to login users and keep their > > information while roaming the site. The problem is I just > > went into the site and it had me logged as another user of > > the site... Below is the code I am using to login in a > > user I haven't used the client variables alot so if you > > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > DeleteClientVariable("location")> > > > > > > When I opened my browser and went to the site, It thought i > > was a different user ... how could something like this have happened?? > > > > Any help or if you all need more information, please let me konw. > > > > (Win2K, CF5 - Single Machine) > > > > Thank you > > Paul Giesenhagen > > QuillDesign > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
Um, no, you don't. === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Email: [EMAIL PROTECTED] WWW : www.camdenfamily.com/morpheus Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Angel Stewart [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 3:34 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > > You do need to lock the client variables when you set them. > > Check back in the Archives for the CF=Talk list. There have > been extensive discussions about correct locking practices. > > You DO need to lock them :) > Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=2534.2422.4 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
Paul: Are you on a cluster of servers? Also, how are you tracking CFID, CFTOKEN. I've found for the most stable success, I need to appened #client.URLTOKEN# to every URL, including those passed in FORMS, and I also got better results by dropping this on my Application.cfm page (at the suggestion of a list member): followed by Hope this helps. H. > -Original Message- > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 1:08 PM > To: CF-Talk > Subject: Client Variables - Serious Problem > > Question: > > I am using client variables to login users and keep their information > while roaming the site. The problem is I just went into the site and it > had me logged as another user of the site... Below is the code I am using > to login in a user I haven't used the client variables alot so if you > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > When I opened my browser and went to the site, It thought i was a > different user ... how could something like this have happened?? > > Any help or if you all need more information, please let me konw. > > (Win2K, CF5 - Single Machine) > > Thank you > Paul Giesenhagen > QuillDesign > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
You do need to lock the client variables when you set them. Check back in the Archives for the CF=Talk list. There have been extensive discussions about correct locking practices. You DO need to lock them :) -Gel ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
So, do you see anything wrong I don't think this is a mixup on one record ... I have recieved a few emails that led me to believe that other users on the website are also having these issues. Paul Giesenhagen QuillDesign - Original Message - From: "Raymond Camden" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 3:18 PM Subject: RE: Client Variables - Serious Problem > Woah - you do not need to lock client variable access - and even if you > were to use a lock, the Server scope lock is defintely not the right one > to use. > > === > Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc > > Email: [EMAIL PROTECTED] > WWW : www.camdenfamily.com/morpheus > Yahoo IM : morpheus > > "My ally is the Force, and a powerful ally it is." - Yoda > > > -Original Message- > > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 3:15 PM > > To: CF-Talk > > Subject: RE: Client Variables - Serious Problem > > > > > > paul, paul, paulits a locking issue my friend. > > > > client scope is something that should be locked (from what I > > remember.) > > > > do this... > > > > > > > > > output="client.member"> > > > > > > > > and then this... > > > > > > > > > > > > > DeleteClientVariable("location")> > > > > > > > > > > I think this may help you ;) > > > > ...tony > > > > Tony Weeg > > Senior Web Developer > > UnCertified Advanced ColdFusion Developer > > Information System Design > > Navtrak, Inc. > > Mobile workforce monitoring, mapping & reporting > > www.navtrak.net 410.548.2337 > > > > -Original Message- > > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 4:08 PM > > To: CF-Talk > > Subject: Client Variables - Serious Problem > > > > > > Question: > > > > I am using client variables to login users and keep their > > information while roaming the site. The problem is I just > > went into the site and it had me logged as another user of > > the site... Below is the code I am using to login in a > > user I haven't used the client variables alot so if you > > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > DeleteClientVariable("location")> > > > > > > When I opened my browser and went to the site, It thought i > > was a different user ... how could something like this have happened?? > > > > Any help or if you all need more information, please let me konw. > > > > (Win2K, CF5 - Single Machine) > > > > Thank you > > Paul Giesenhagen > > QuillDesign > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Client Variables - Serious Problem
Could it have anything to do with CFID, CFTOKEN? Are you supposed to track that with the cookies ...?! Paul Giesenhagen QuillDesign - Original Message - From: "Raymond Camden" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, January 30, 2003 3:18 PM Subject: RE: Client Variables - Serious Problem > Woah - you do not need to lock client variable access - and even if you > were to use a lock, the Server scope lock is defintely not the right one > to use. > > === > Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc > > Email: [EMAIL PROTECTED] > WWW : www.camdenfamily.com/morpheus > Yahoo IM : morpheus > > "My ally is the Force, and a powerful ally it is." - Yoda > > > -Original Message- > > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 3:15 PM > > To: CF-Talk > > Subject: RE: Client Variables - Serious Problem > > > > > > paul, paul, paulits a locking issue my friend. > > > > client scope is something that should be locked (from what I > > remember.) > > > > do this... > > > > > > > > > output="client.member"> > > > > > > > > and then this... > > > > > > > > > > > > > DeleteClientVariable("location")> > > > > > > > > > > I think this may help you ;) > > > > ...tony > > > > Tony Weeg > > Senior Web Developer > > UnCertified Advanced ColdFusion Developer > > Information System Design > > Navtrak, Inc. > > Mobile workforce monitoring, mapping & reporting > > www.navtrak.net 410.548.2337 > > > > -Original Message- > > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 30, 2003 4:08 PM > > To: CF-Talk > > Subject: Client Variables - Serious Problem > > > > > > Question: > > > > I am using client variables to login users and keep their > > information while roaming the site. The problem is I just > > went into the site and it had me logged as another user of > > the site... Below is the code I am using to login in a > > user I haven't used the client variables alot so if you > > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > DeleteClientVariable("location")> > > > > > > When I opened my browser and went to the site, It thought i > > was a different user ... how could something like this have happened?? > > > > Any help or if you all need more information, please let me konw. > > > > (Win2K, CF5 - Single Machine) > > > > Thank you > > Paul Giesenhagen > > QuillDesign > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
coool thing :) I just looked at the code I have, on our site, that uses client vars and I don't lock it, musta been the other Tony Weeg that typed that last email, BAD other personality! BAD BAD BAD ...tony Tony Weeg Senior Web Developer UnCertified Advanced ColdFusion Developer Information System Design Navtrak, Inc. Mobile workforce monitoring, mapping & reporting www.navtrak.net 410.548.2337 -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:18 PM To: CF-Talk Subject: RE: Client Variables - Serious Problem Woah - you do not need to lock client variable access - and even if you were to use a lock, the Server scope lock is defintely not the right one to use. === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Email: [EMAIL PROTECTED] WWW : www.camdenfamily.com/morpheus Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 3:15 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > > paul, paul, paulits a locking issue my friend. > > client scope is something that should be locked (from what I > remember.) > > do this... > > > >output="client.member"> > > > > and then this... > > > > > > DeleteClientVariable("location")> > > > > > I think this may help you ;) > > ...tony > > Tony Weeg > Senior Web Developer > UnCertified Advanced ColdFusion Developer > Information System Design > Navtrak, Inc. > Mobile workforce monitoring, mapping & reporting > www.navtrak.net 410.548.2337 > > -Original Message- > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 4:08 PM > To: CF-Talk > Subject: Client Variables - Serious Problem > > > Question: > > I am using client variables to login users and keep their > information while roaming the site. The problem is I just > went into the site and it had me logged as another user of > the site... Below is the code I am using to login in a > user I haven't used the client variables alot so if you > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > DeleteClientVariable("location")> > > > When I opened my browser and went to the site, It thought i > was a different user ... how could something like this have happened?? > > Any help or if you all need more information, please let me konw. > > (Win2K, CF5 - Single Machine) > > Thank you > Paul Giesenhagen > QuillDesign > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
oops, my badbut, I thought I had heard on this list, that you needed to.im dumb. my bad. sorry. im the dumb butt :) ...tony Tony Weeg Senior Web Developer UnCertified Advanced ColdFusion Developer Information System Design Navtrak, Inc. Mobile workforce monitoring, mapping & reporting www.navtrak.net 410.548.2337 -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 4:18 PM To: CF-Talk Subject: RE: Client Variables - Serious Problem Woah - you do not need to lock client variable access - and even if you were to use a lock, the Server scope lock is defintely not the right one to use. === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Email: [EMAIL PROTECTED] WWW : www.camdenfamily.com/morpheus Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 3:15 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > > paul, paul, paulits a locking issue my friend. > > client scope is something that should be locked (from what I > remember.) > > do this... > > > >output="client.member"> > > > > and then this... > > > > > > DeleteClientVariable("location")> > > > > > I think this may help you ;) > > ...tony > > Tony Weeg > Senior Web Developer > UnCertified Advanced ColdFusion Developer > Information System Design > Navtrak, Inc. > Mobile workforce monitoring, mapping & reporting > www.navtrak.net 410.548.2337 > > -Original Message- > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 4:08 PM > To: CF-Talk > Subject: Client Variables - Serious Problem > > > Question: > > I am using client variables to login users and keep their > information while roaming the site. The problem is I just > went into the site and it had me logged as another user of > the site... Below is the code I am using to login in a > user I haven't used the client variables alot so if you > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > DeleteClientVariable("location")> > > > When I opened my browser and went to the site, It thought i > was a different user ... how could something like this have happened?? > > Any help or if you all need more information, please let me konw. > > (Win2K, CF5 - Single Machine) > > Thank you > Paul Giesenhagen > QuillDesign > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Client Variables - Serious Problem
Woah - you do not need to lock client variable access - and even if you were to use a lock, the Server scope lock is defintely not the right one to use. === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Email: [EMAIL PROTECTED] WWW : www.camdenfamily.com/morpheus Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 3:15 PM > To: CF-Talk > Subject: RE: Client Variables - Serious Problem > > > paul, paul, paulits a locking issue my friend. > > client scope is something that should be locked (from what I > remember.) > > do this... > > > >output="client.member"> > > > > and then this... > > > > > > DeleteClientVariable("location")> > > > > > I think this may help you ;) > > ...tony > > Tony Weeg > Senior Web Developer > UnCertified Advanced ColdFusion Developer > Information System Design > Navtrak, Inc. > Mobile workforce monitoring, mapping & reporting > www.navtrak.net 410.548.2337 > > -Original Message- > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 4:08 PM > To: CF-Talk > Subject: Client Variables - Serious Problem > > > Question: > > I am using client variables to login users and keep their > information while roaming the site. The problem is I just > went into the site and it had me logged as another user of > the site... Below is the code I am using to login in a > user I haven't used the client variables alot so if you > see something I am doing wrong, please enlighten. > > > > > > > > > > > > > > > > DeleteClientVariable("location")> > > > When I opened my browser and went to the site, It thought i > was a different user ... how could something like this have happened?? > > Any help or if you all need more information, please let me konw. > > (Win2K, CF5 - Single Machine) > > Thank you > Paul Giesenhagen > QuillDesign > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4