subject:"RE\: client variables"

On 2/15/07, John Blayter <[EMAIL PROTECTED]> wrote:
> My $0.02 is that you are going to
> end up with something that is damn close to client variables.

Seems that way.

I consider it obsolete but maybe ont in this case: the first custom
tag I wrote is SessionMonger.  Done back in the bad old days when I
was running CF 3.x on Interland (those bastages!) servers... that
rebooted themselves about every three minutes, so CF sessions were
worth dookie and I had to have something that survived even a cold
reboot.

It has expirrations and takes a halfway decent shot at making itself
unique.  Works without cookies.  Don't laugh too hard.  This was a
long time ago when I first wrote it up:

http://cfdj.sys-con.com/read/42032.htm

And the tag at Adobe:

http://tinyurl.com/2juvou

The ancient page for the tag:

http://mysecretbase.com/SessionMonger_Home.cfm

I'd read that last one first.

-- 
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269978
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-15 Thread John Blayter

Even if you pass around the session.urlToken around in the URL if you must
use cookies if you want to use session replication. If you can't use
cookies, client variables and you must have session replication you are left
with rolling your own state management. My $0.02 is that you are going to
end up with something that is damn close to client variables.

On 2/15/07, Mike Kear <[EMAIL PROTECTED]> wrote:
>
> His issue about the new token each time is mainly prompted by the
> issue of corporate users sharing the same IP.This is an app where
> there may be many users in a building accessing the site, and each
> will have his/her own permissions set.   So he doesnt want one person
> having higher access than they deserve by accident.  They could grant
> their management unit product they havent been approved for.
>
> So it kind of makes sense.
>
> This is a product where the unit values are very high and a large
> organisation will buy lots of licenses, and one senior person in the
> organisation will allow the various operational units to have
> specified numbers of licenses and they'll be logging in to manage the
> licenses they have a right to.
>
> So he's not being silly about it, I can see where his mind is on it.
> Not quite sure how it's all going to work, that's the problem.
>
>
> Cheers
> Mike Kear
> Windsor, NSW, Australia
> Adobe Certified Advanced ColdFusion Developer
> AFP Webworks
> http://afpwebworks.com
> ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month
>
>
> On 2/16/07, Dinner <[EMAIL PROTECTED]> wrote:
> > On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:
> > > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> > > > Lot of work for not much difference.  Might as well set the session
> > > > timeout really really low or something, right?
> > >
> > > If I were trying to find sanity in the desired approach, I'd first
> > > have to accept the fact that you *cannot* have cookies.  In an
> > > environment where site customers are all corporate, and an entire
> > > building's worth of buyers could all be sharing the same cookie thanks
> > > to some fascist security scheme, the use of cookies can be
> > > catastrophic.  Been there.  So I understand the requirement although I
> > > pity to poor guy who has to comply with it.
> >
> > So we've got to keep it going from request to request, via form or url
> > params-- doable, but needs strict "form" to accomplish well (and length
> > may be an issue-- thus, the custom token).
> >
> > Or a smart "render-er", I guess.  Pipe normal code thru, out comes
> > tokened code?  Hrm... pretty damn hard to make [well  =].
> >
> > > Given that, a short session timeout would not solve the problem.  If I
> > > was stuck passing url tokens of some kind, a continuously morphing one
> > > sounds like a step up from a static one; at least on the surface.
> >
>
> 

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269976
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

His issue about the new token each time is mainly prompted by the
issue of corporate users sharing the same IP.This is an app where
there may be many users in a building accessing the site, and each
will have his/her own permissions set.   So he doesnt want one person
having higher access than they deserve by accident.  They could grant
their management unit product they havent been approved for.

So it kind of makes sense.

This is a product where the unit values are very high and a large
organisation will buy lots of licenses, and one senior person in the
organisation will allow the various operational units to have
specified numbers of licenses and they'll be logging in to manage the
licenses they have a right to.

So he's not being silly about it, I can see where his mind is on it.
 Not quite sure how it's all going to work, that's the problem.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On 2/16/07, Dinner <[EMAIL PROTECTED]> wrote:
> On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:
> > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> > > Lot of work for not much difference.  Might as well set the session
> > > timeout really really low or something, right?
> >
> > If I were trying to find sanity in the desired approach, I'd first
> > have to accept the fact that you *cannot* have cookies.  In an
> > environment where site customers are all corporate, and an entire
> > building's worth of buyers could all be sharing the same cookie thanks
> > to some fascist security scheme, the use of cookies can be
> > catastrophic.  Been there.  So I understand the requirement although I
> > pity to poor guy who has to comply with it.
>
> So we've got to keep it going from request to request, via form or url
> params-- doable, but needs strict "form" to accomplish well (and length
> may be an issue-- thus, the custom token).
>
> Or a smart "render-er", I guess.  Pipe normal code thru, out comes
> tokened code?  Hrm... pretty damn hard to make [well  =].
>
> > Given that, a short session timeout would not solve the problem.  If I
> > was stuck passing url tokens of some kind, a continuously morphing one
> > sounds like a step up from a static one; at least on the surface.
>

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269974
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

2007-02-15 Thread Dinner

On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:
> On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> > Lot of work for not much difference.  Might as well set the session
> > timeout really really low or something, right?
>
> If I were trying to find sanity in the desired approach, I'd first
> have to accept the fact that you *cannot* have cookies.  In an
> environment where site customers are all corporate, and an entire
> building's worth of buyers could all be sharing the same cookie thanks
> to some fascist security scheme, the use of cookies can be
> catastrophic.  Been there.  So I understand the requirement although I
> pity to poor guy who has to comply with it.

So we've got to keep it going from request to request, via form or url
params-- doable, but needs strict "form" to accomplish well (and length
may be an issue-- thus, the custom token).

Or a smart "render-er", I guess.  Pipe normal code thru, out comes
tokened code?  Hrm... pretty damn hard to make [well  =].

> Given that, a short session timeout would not solve the problem.  If I
> was stuck passing url tokens of some kind, a continuously morphing one
> sounds like a step up from a static one; at least on the surface.

Well, it would achieve the same thing as having a really low session time
out-- perhaps not even that much, because the session would time out
after a set time, vs. the "manual" session, that presumably just hangs
out until the next token comes in (course, you could go that extra mile,
and add timeouts, etc..  Might as well do it right, right! ;).

The reason you keep it morphing is to prevent someone from stealing
it from someplace where it's exposed (hopefully not google) and using
it to "impersonate" the "real" session.

A low session timeout would accomplish the same thing, sorta.

> 'course, I haven't seen "the problem" since a health care industry job
> I did like six years ago, so for all I know firewalls are a hell of a
> lot smarter now and this client is living in the past and solving a
> problem that doesn't exist anymore.

Heh.  That's a good point.  Worthy of talking over w/ d client, fer sure.

> Glad its not my job and all I have to do is idly speculate without
> really thinking it thru :-)

You know what they say about idle hands...  ;-)

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269973
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> Lot of work for not much difference.  Might as well set the session
> timeout really really low or something, right?

If I were trying to find sanity in the desired approach, I'd first
have to accept the fact that you *cannot* have cookies.  In an
environment where site customers are all corporate, and an entire
building's worth of buyers could all be sharing the same cookie thanks
to some fascist security scheme, the use of cookies can be
catastrophic.  Been there.  So I understand the requirement although I
pity to poor guy who has to comply with it.

Given that, a short session timeout would not solve the problem.  If I
was stuck passing url tokens of some kind, a continuously morphing one
sounds like a step up from a static one; at least on the surface.

'course, I haven't seen "the problem" since a health care industry job
I did like six years ago, so for all I know firewalls are a hell of a
lot smarter now and this client is living in the past and solving a
problem that doesn't exist anymore.

Glad its not my job and all I have to do is idly speculate without
really thinking it thru :-)

-- 
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269972
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-15 Thread Dinner

On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:

> On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> > In theory, it's exactly the same thing as using tokens.  So you
> > change it with every request-- you've still got to get the old token
> > in!  Lots of added complexity for the same end result.
>
> Not the same thing.  Whatever hack is in progress would not be able to
> count on a constant cfid and cftoken value after the initial read.

I was more thinking "in process"-- all you need is one token, and
then you submit it back before the "real" user does.

Lot of work for not much difference.  Might as well set the session
timeout really really low or something, right?

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269971
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

On 2/15/07, Josh Nathanson <[EMAIL PROTECTED]> wrote:
> Matt, can you explain exactly what the security issues are.

By exposing the cfid and cftoken you are announcing to the world what
your session identifier is.  In turn you are giving someone the
opportunity to more easily manipulate it.  Sure someone can accept a
cookie, read the value off the hard drive and then have the same info
(I suppose you could make the read more difficult by not writing a
cookie to disk and only using a session cookie) but by passing it via
the url you are making the job as easy as possible for the attacker.

Its only one thin layer on the onion, but I'd rather have that layer
on along with every other one I can get my hands on.

On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> In theory, it's exactly the same thing as using tokens.  So you
> change it with every request-- you've still got to get the old token
> in!  Lots of added complexity for the same end result.

Not the same thing.  Whatever hack is in progress would not be able to
count on a constant cfid and cftoken value after the initial read.
Since it keeps changing the hack would have to adapt to this.  The job
would be more difficult but its certainly not going to solve the
problem of exposing the key pair and make the app bulletproof, by any
stretch.

-- 
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269969
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-15 Thread Dinner

On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:

> His solution is ... well ... mind-boggling.  In theory it should work.

In theory, it's exactly the same thing as using tokens.  So you
change it with every request-- you've still got to get the old token
in!  Lots of added complexity for the same end result.

Why not use your own token (thus avoiding same IP/etc. combos)
and use some stuff to make sure it's the same IP with each
request, etc., so it'll be a little bit protected from session stealing?

Something along those lines perhaps...

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269967
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

2007-02-15 Thread Josh Nathanson

> He's right... if you take the step of saying no cookies allowed you
> have to pass the token around from link to link, exposing it via the
> url and that is a security issue.

Matt, can you explain exactly what the security issues are.  Are you talking 
about sniffing it over the network (would https help that)?  Wouldn't you 
have to have admin access to the server anyway to do anything with that 
information, in which case security is compromised already?  I don't know 
much about security so I'm curious - I don't see exactly how having the 
session id alone would compromise security.

-- Josh



~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269966
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

good lord that sounds positively insane.

He's right... if you take the step of saying no cookies allowed you
have to pass the token around from link to link, exposing it via the
url and that is a security issue.  Caused by the draconian no cookie
requirement but its an issue alright.  And if its a B2B he may have a
higher likelihood of users who are behind firewalls and sharing a
single cookie and IP.  So he may not be as insane as all that.

His solution is ... well ... mind-boggling.  In theory it should work.
 But holy crap talk about making things as difficult as possible.
Lets reinvent the wheel and further specify that the wheel cannot
simply be round, but rather must travel forward by folding space.

Kind of an interesting brain teaser though.

-- 
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269965
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

I've not quite got it figured out myself.  But the cilent has a bit of
experience with coldfusion, going back to CF1 and up to CF5.2.  So he
knows something of what he speaks, but his technical knowledge is
dated.

Anyway, he says there's a security issue with using a token throughout
for a session, so each page view has to issue a new token, and expire
the last one.

SO i suppose that means in the applicatoin.cfc I have to add something
like this (pseudo code) to the onrequeststart() method:

gettoken()
  retrieve state from the database
  createUUID()
  set token to be the new UUID

I'm not sure how to do it yet.   I'm still trying to convince him to
let me use client vars!

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On/16/07, Eric Haskins <[EMAIL PROTECTED]> wrote:
> "And to add to the fun of it all, we have to have a
> new session variable each page request."
>
> Can you explain this a bit?? What do you mean?
>
>
>

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269941
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client variables? reliable enough?

2007-02-15 Thread Che Vilnonis

This is absolutley true. There is a DB performance hit with using client
vars. But, if your site is not a high volume site or if you are on a shared
server with limited Ram, client cariables may be beneficial.

~Ché

-Original Message-
From: Eric Haskins [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 15, 2007 2:27 PM
To: CF-Talk
Subject: Re: Client variables? reliable enough?

Coming over from php I have always used Session Vars to start off. I have
uncovered issues with the Client Vars here in my current position. If you do
high volume and have a large customer base you can experience a performance
hit with Client Var lookups.

Eric

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269940
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-15 Thread Eric Haskins

"And to add to the fun of it all, we have to have a
new session variable each page request."

Can you explain this a bit?? What do you mean?


~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269937
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

2007-02-15 Thread Eric Haskins

Coming over from php I have always used Session Vars to start off. I have
uncovered issues with the Client Vars here in my current position. If you do
high volume and have a large customer base you can experience a performance
hit with Client Var lookups.

Eric


~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269935
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

I have never had to use URLSessionformat() before but it sounds like
it's going to be very helpful in this case.

Oh and this is a business-to-business shopping cart app, so we do have
to maintain state.  And to add to the fun of it all, we have to have a
new session variable each page request.

The server is going to have a lot of grunt and relatively low traffic,
so i'm not too worried about dipping into the database every page but
it would be better without.  And having to wddx structs isnt much of a
problem because i dont pass them from page to page much any more.
Instead i use beans, which are even harder to pass through client
vars.   In fact i'd say they're pretty well impossible and will
probably need to be persisted to the database and rebuilt each page
view.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On 2/16/07, Matt Robertson <[EMAIL PROTECTED]> wrote:
> if you're bidding on a job he has just added a nice fat increase to
> your bid expense.  You will have to pass the key pair around for
> everything.  All cflocations, form posts, url links.  The works.  And
> exposing the key pair has security implications that imho cannot be
> overcome.  You basically create an attack surface that otherwise
> doesn't exist.
>
> urlsessionformat() is going to be your friend, sadly.
>
> As for client vars, I echo what was said with respect to the fact that
> it works fine if you design your app to use it from scratch, and
> realize its limitations (i.e. no structs unless you want to use cfwddx
> to plug them in, which is crazy overhead).
>
> Cvars are the right tool for SOME jobs but not all of them.  Every hit
> to your server will generate a hit to your database as the lvisit and
> hitcount vars are updated, at minimum.  Fine if you plan for it and
> know what you're getting into, but session vars are probably a better
> option.  Since the advent of CF MX I have tried to stay away from
> cvars if I can and stick to session vars.
>
> --
> [EMAIL PROTECTED]
> Janitor, The Robertson Team
> mysecretbase.com
>
>

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269933
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

if you're bidding on a job he has just added a nice fat increase to
your bid expense. You will have to pass the key pair around for
everything. All cflocations, form posts, url links. The works. And
exposing the key pair has security implications that imho cannot be
overcome. You basically create an attack surface that otherwise
doesn't exist.

urlsessionformat() is going to be your friend, sadly.

As for client vars, I echo what was said with respect to the fact that
it works fine if you design your app to use it from scratch, and
realize its limitations (i.e. no structs unless you want to use cfwddx
to plug them in, which is crazy overhead).

Cvars are the right tool for SOME jobs but not all of them. Every hit
to your server will generate a hit to your database as the lvisit and
hitcount vars are updated, at minimum. Fine if you plan for it and
know what you're getting into, but session vars are probably a better
option. Since the advent of CF MX I have tried to stay away from
cvars if I can and stick to session vars.

--
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269928
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client variables? reliable enough?

2007-02-15 Thread Andy Matthews

With no cookies then you'd never have a way of knowing if you have a
returning user. Is he okay with that? Is he willing to sacrifice the
convenience of his users for this insistence?

Andy matthews

-Original Message-
From: Che Vilnonis [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 15, 2007 12:52 PM
To: CF-Talk
Subject: RE: Client variables? reliable enough?

AFAIK, with NO cookies, you would need to pass the CFID and CFTOKEN in the
URL for each request.

-Original Message-
From: Mike Kear [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 1:46 PM
To: CF-Talk
Subject: Re: Client variables? reliable enough?

Still negotiating with my client about Clientvars.  He's finally said this -
what do you make of it 

[quote]
I don't care too much about client vars and how they are implemented as long
as there are NO COOKIES used. But be warned, if we have issues with the site
in production, they will need to be fixed at your cost. [/quote]

Well i dont have a problem with standing behind my own work . i'd expect to
have to fix anythign that didnt work properly anyway.  But what do you make
of the insistence that there can't be any cookies?

How do you maintain state, with NO cookies at all?  surely as a
minimum you have to have a session cookie, dont you?   How else do you
keep track of sessions?

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote:
> i'm using client variables stored in cookies across two load balanced 
> boxes with dual cf instancesyet to see a problem - running like 
> this for 2 years! I don't see what the fuss is all about
>
> john.
>

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269927
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-15 Thread Josh Nathanson

You will have to pass them in the url, so every link would need to have CFID 
and CFTOKEN appended to it.  It's a pain but it can be done.

If your client wants to have no cookies set at all, even if the user accepts 
them, don't use URLSessionFormat: this will place a cookie if the user 
accepts them, or append the CFID/CFTOKEN/jsessionid if they don't.

Too bad cookies got such a bad rap.  The public at large is terrified of 
them.  I'm sure your client probably has no idea what they are or how they 
work, and how helpful they can be for developers.

-- Josh


- Original Message - 
From: "Mike Kear" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Thursday, February 15, 2007 10:46 AM
Subject: Re: Client variables? reliable enough?


> Still negotiating with my client about Clientvars.  He's finally said
> this - what do you make of it 
>
> [quote]
> I don't care too much about client vars and how they are implemented
> as long as there are NO COOKIES used. But be warned, if we have issues
> with the site in production, they will need to be fixed at your cost.
> [/quote]
>
>
> Well i dont have a problem with standing behind my own work . i'd
> expect to have to fix anythign that didnt work properly anyway.  But
> what do you make of the insistence that there can't be any cookies?
>
> How do you maintain state, with NO cookies at all?  surely as a
> minimum you have to have a session cookie, dont you?   How else do you
> keep track of sessions?
>
> Cheers
> Mike Kear
> Windsor, NSW, Australia
> Adobe Certified Advanced ColdFusion Developer
> AFP Webworks
> http://afpwebworks.com
> ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month
>
>
> On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote:
>> i'm using client variables stored in cookies across two load balanced
>> boxes with dual cf instancesyet to see a problem - running like
>> this for 2 years! I don't see what the fuss is all about
>>
>> john.
>>
>
> 

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269926
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client variables? reliable enough?

2007-02-15 Thread Che Vilnonis

AFAIK, with NO cookies, you would need to pass the CFID and CFTOKEN in the
URL for each request.

-Original Message-
From: Mike Kear [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 15, 2007 1:46 PM
To: CF-Talk
Subject: Re: Client variables? reliable enough?

Still negotiating with my client about Clientvars.  He's finally said this -
what do you make of it 

[quote]
I don't care too much about client vars and how they are implemented as long
as there are NO COOKIES used. But be warned, if we have issues with the site
in production, they will need to be fixed at your cost. [/quote]

Well i dont have a problem with standing behind my own work . i'd expect to
have to fix anythign that didnt work properly anyway.  But what do you make
of the insistence that there can't be any cookies?

How do you maintain state, with NO cookies at all?  surely as a
minimum you have to have a session cookie, dont you?   How else do you
keep track of sessions?

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote:
> i'm using client variables stored in cookies across two load balanced 
> boxes with dual cf instancesyet to see a problem - running like 
> this for 2 years! I don't see what the fuss is all about
>
> john.
>

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269924
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

Still negotiating with my client about Clientvars.  He's finally said
this - what do you make of it 

[quote]
I don't care too much about client vars and how they are implemented
as long as there are NO COOKIES used. But be warned, if we have issues
with the site in production, they will need to be fixed at your cost.
[/quote]

Well i dont have a problem with standing behind my own work . i'd
expect to have to fix anythign that didnt work properly anyway.  But
what do you make of the insistence that there can't be any cookies?

How do you maintain state, with NO cookies at all?  surely as a
minimum you have to have a session cookie, dont you?   How else do you
keep track of sessions?

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On 2/8/07, John Beynon <[EMAIL PROTECTED]> wrote:
> i'm using client variables stored in cookies across two load balanced
> boxes with dual cf instancesyet to see a problem - running like
> this for 2 years! I don't see what the fuss is all about
>
> john.
>

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269921
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables? reliable enough?

2007-02-08 Thread John Beynon

i'm using client variables stored in cookies across two load balanced
boxes with dual cf instancesyet to see a problem - running like
this for 2 years! I don't see what the fuss is all about

john.

On 2/8/07, Mike Kear <[EMAIL PROTECTED]> wrote:
> Neil, can you be a bit more specific please?What sort of issues do you
> get with client vars?   ( have to make a fundamentail architecture decision
> in the next few days - whether or not to use client vars).  I need to know
> if the issues you had also apply in my situation.
>
>
> Cheers
> Mike Kear
> Windsor, NSW, Australia
> Adobe Certified Advanced ColdFusion Developer
> AFP Webworks
> http://afpwebworks.com
> ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month
>
>
> On 2/6/07, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]>
> wrote:
> >
> > << > if you
> > store them in a DB, I would avoid them if you had the choice.
> >
> > As for no sticky sessions, that only leaves you session replication with
> > ColdFusion under J2EE.
> >
> >
>
>
> 

~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269122
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-07 Thread Mike Kear

Neil, can you be a bit more specific please?What sort of issues do you
get with client vars?   ( have to make a fundamentail architecture decision
in the next few days - whether or not to use client vars).  I need to know
if the issues you had also apply in my situation.


Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month


On 2/6/07, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]>
wrote:
>
> << if you
> store them in a DB, I would avoid them if you had the choice.
>
> As for no sticky sessions, that only leaves you session replication with
> ColdFusion under J2EE.
>
>


~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269104
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client variables? reliable enough?

2007-02-06 Thread Paul Vernon

> > What do you make of what the client said?   Does it have any merit in
> > current versions?   Can anyone attest to reliability (or 
> > otherwise)  of
> > client vars in CF7?   (I should also add there is no chance 
> > we're going to
> > use the registry to store client vars - it's going to be in 
> > the database if we use them)
> >
> 
> My experience has always been bad, they are pretty clunky. 
> Even worse if you store them in a DB, I would avoid them if 
> you had the choice.
> 
> As for no sticky sessions, that only leaves you session 
> replication with ColdFusion under J2EE.
> 

I haven't used client vars in quite some time... No need. But when I did it
was with a 4 server CF5 NLB array with an active/passive SQL2000 cluster.
The CF machines had a separate SQL instance dedicated to client storage and
to be honest, the only problem we had was dealing with the extra bandwidth
that the back end needed when we got into the realms of 3000 simultaneous
users...

In the end, it wasn't the client var traffic that was causing the problem.
We solved the bandwidth issue by moving the source code onto the web servers
instead of them using the filestore server and used robocopy to keep them in
sync... Nowadays I'd use SVN to deploy :) 

Once we had solved the bandwidth problems, everything was fine. We never had
any issues at all with client storage but I will say this... We designed the
app from the very beginning to use client storage. We didn't port the code
from session etc. I think when you do the latter, you are asking for
trouble... As long as you plan well and understand the limits of the client
var scope then you should be fine.

As an aside, watching SQL profiler do it's thing on a live database with
3000 users on the site is a great way to scare yourself! The speed of the
transactions going through is something else!

Paul



~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:268780
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Client variables? reliable enough?

2007-02-05 Thread Robertson-Ravo, Neil (RX)

My experience has always been bad, they are pretty clunky. Even worse if you
store them in a DB, I would avoid them if you had the choice.

As for no sticky sessions, that only leaves you session replication with
ColdFusion under J2EE.




"This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions." 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Mike Kear
To: CF-Talk
Sent: Tue Feb 06 06:50:37 2007
Subject: Client variables? reliable enough?

I sat in a client briefing yesterday, and he said something that made me sit
up and take notice,could he be right?

I havent used Client variables since CF5, so I dont know if they are good
now or not, but i didnt have a problem back in the CF5 days but here's what
my client said (he has a lot of experience with CF going back to CF1, but he
hasnt done much CF coding since CF5.1)

He said, "dont use client variables, because they seem ok but in practice
they always cause problems.I want you to write your own state
maintenance stuff.   I don't want you to use sticky sessions either because
if a server goes down the other machine doesnt know the state."

The environment is going to be two or three servers running CF7 enterprise,
not sure if we're going Linux or Windows yet.

What do you make of what the client said?   Does it have any merit in
current versions?   Can anyone attest to reliability (or otherwise)  of
client vars in CF7?   (I should also add there is no chance we're going to
use the registry to store client vars - it's going to be in the database if
we use them)

-- 

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month




~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:268778
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables in MySQL

2006-04-10 Thread Thomas Chiverton

On Friday 07 April 2006 23:58, Jim McAtee wrote:
> But does CF5 utilize transactions (if available) for client variable
> storage?

Hope so.

-- 

Tom Chiverton 
Advanced ColdFusion Programmer

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237326
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client Variables in MySQL

2006-04-08 Thread Jochem van Dieten

Jim McAtee wrote:
> - Original Message - 
> From: "Jochem van Dieten" <[EMAIL PROTECTED]>
> To: "CF-Talk" 
> Sent: Saturday, April 08, 2006 2:13 AM
> Subject: Re: Client Variables in MySQL
> 
> 
>> Jim McAtee wrote:
>>> Are there any good reasons to use InnoDB for CF client varible storage 
>>> in
>>> MySQL, or are MyISAM tables sufficient?
>> Yes:
>> http://dev.mysql.com/doc/refman/4.1/en/internal-locking.html?ff=nopfpls
> 
> 
> Yes, what?  A or B?

Locking can be a good reason to use InnoDB. MyISAM always locks 
the entire table, InnoDB locks individual rows.

Jochem

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237250
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client Variables in MySQL

2006-04-08 Thread Jim McAtee

- Original Message - 
From: "Jochem van Dieten" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Saturday, April 08, 2006 2:13 AM
Subject: Re: Client Variables in MySQL


> Jim McAtee wrote:
>> Are there any good reasons to use InnoDB for CF client varible storage 
>> in
>> MySQL, or are MyISAM tables sufficient?
>
> Yes:
> http://dev.mysql.com/doc/refman/4.1/en/internal-locking.html?ff=nopfpls


Yes, what?  A or B?


~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237241
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client Variables in MySQL

2006-04-08 Thread Jochem van Dieten

Jim McAtee wrote:
> Are there any good reasons to use InnoDB for CF client varible storage in 
> MySQL, or are MyISAM tables sufficient?

Yes: 
http://dev.mysql.com/doc/refman/4.1/en/internal-locking.html?ff=nopfpls

Jochem

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237224
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client Variables in MySQL

2006-04-07 Thread Jim McAtee

But does CF5 utilize transactions (if available) for client variable 
storage?


- Original Message - 
From: "Munson, Jacob" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Friday, April 07, 2006 4:36 PM
Subject: RE: Client Variables in MySQL


> It's been a while, but I'm pretty sure that innoDB gives you
> transactions, if you need those.
>
>> -Original Message-
>> From: Jim McAtee [mailto:[EMAIL PROTECTED]
>> Sent: Friday, April 07, 2006 4:23 PM
>>
>> Are there any good reasons to use InnoDB for CF client
>> varible storage in
>> MySQL, or are MyISAM tables sufficient?  Running CF5.


~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237213
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: Client Variables in MySQL

2006-04-07 Thread Munson, Jacob

It's been a while, but I'm pretty sure that innoDB gives you
transactions, if you need those.

> -Original Message-
> From: Jim McAtee [mailto:[EMAIL PROTECTED] 
> Sent: Friday, April 07, 2006 4:23 PM
> 
> Are there any good reasons to use InnoDB for CF client 
> varible storage in 
> MySQL, or are MyISAM tables sufficient?  Running CF5.


[INFO] -- Access Manager:
This transmission may contain information that is privileged, confidential 
and/or exempt from disclosure under applicable law.  If you are not the 
intended recipient, you are hereby notified that any disclosure, copying, 
distribution, or use of the information contained herein (including any 
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in 
error, please immediately contact the sender and destroy the material in its 
entirety, whether in electronic or hard copy format.  Thank you.   A2



~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237212
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client variables

2005-10-08 Thread Charlie Griefer

http://depressedpress.com/Content/Development/ColdFusion/Guides/Variables/Index.cfm

On 10/8/05, Saturday (Stuart Kidd) <[EMAIL PROTECTED]> wrote:
> Hi guys,
>
> I have a competition on my site.  When a user enters the competition
> I set a client variable:
>
> 
> 
>
> I tested the competition a few days ago and now when i come to look
> at it I can see that the Client variable
> client.competitionEntry#url.ID# must still be equalling 1 as this
> line is in effect:
>
>  
>   ('client.competitionEntry#url.ID#')>
>
>  Show competition form here.
>
>  
>  
>
>  You have entered this competition.
>
> I automatically thought that client variables would end once the
> browser has been closed?  I have had my Mac switched off overnight,
> how could this be?
>
> Anyone who can shed some light on this I'd be very grateful.
>
> Thanks,
>
> Saturday
>
>
> 

~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220479
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: Client variables

2005-10-08 Thread Taco Fleur

Have a look at this, this will clear some of this up for you.
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915

Basically you need to set per-session cookies.

Taco Fleur - CEO
Pacific Fox http://www.pacificfox.com.au 
an industry leader with commercial IT experience since 1994 .

** Web Design and Development 

** SMS Solutions, including developer API

** Domain Registration, .com for as low as AUSD$15 a year

** Seamless Merchant integration

** We endorse PayPal, accept payments online now!



> -Original Message-
> From: Saturday (Stuart Kidd) [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, 8 October 2005 6:36 PM
> To: CF-Talk
> Subject: Client variables
> 
> 
> Hi guys,
> 
> I have a competition on my site.  When a user enters the competition  
> I set a client variable:
> 
>  
> 
> I tested the competition a few days ago and now when i come to look  
> at it I can see that the Client variable  
> client.competitionEntry#url.ID# must still be equalling 1 as this  
> line is in effect:
> 
>  
>   ('client.competitionEntry#url.ID#')>
> 
>  Show competition form here.
> 
>  
>  
> 
>  You have entered this competition.
> 
> I automatically thought that client variables would end once the  
> browser has been closed?  I have had my Mac switched off overnight,  
> how could this be?
> 
> Anyone who can shed some light on this I'd be very grateful.
> 
> Thanks,
> 
> Saturday
> 
> 
> 

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220478
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: client variables and subdomains

2005-05-08 Thread Matt Robertson

Note in my first post I said "...You are ***supposed*** to be able to fix this
by adding ..."

I'm afraid my experience mirrors yours.  However, did you try deleting
the cookies your test system had already set to see if a fresh start
solved the issue?  That may be what it takes to get this
accomplished... but then again if you are trying to refit an app
you'll have zillions of existing users for whom you will also have
refit -- manually with a cookie deletion.  Do-able but pesky.

You are using client variables as they are actually meant to be used
-- truly long-term persistent storage.  I use them in place of session
vars because I am stuck with CF5 clustering support, expire them
within minutes and not weeks etc.

Given the traffic levels you referenced elsewhere, you must have an
enormous cvar database -- as in lots of records -- if as you say you
are storing those records for months.  IIRC, if CF creates the cvar
db's itself they aren't indexed so well.  Have you thought to look
into this and maybe make an adjustment there?  I'm going off of hazy
recollection here so I may be wrong, but its worth looking into.

What is your db platform, anyway?  Is it on the same server? 

-- 
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:206013
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: client variables and subdomains

2005-05-07 Thread Terry Ford

Hey Matt,

Hmm, setdomaincookies=YES doesn't seem to help either.  Server still creating 
different instances for www.domain.com and .domain.com.  

My use of client variables is actually pretty minor -- I just use a couple to 
store an integer key to a user table, and an encrypted password.  When a user 
returns to the site, I use those two client.vars to setup session info, tailor 
output, etc.  I suppose I could just use CFCOOKIEs for this and have greater 
control over how the cookies are set.  

Re: session variables and CFMX.  As I understand them, session variables in 
CFMX persist only as long as the browser is open, so wouldn't they be ill 
suited for the use outlined above, that of identifying returning visitors who 
may have been away for months?

I'll check out the link you provided.  

Thanks,
Terry

>it is the default behavior.  You are supposed to be able to fix this
>by adding "setdomaincookies="yes" in /Application.cfm.
>
>This is one of the server side code gotchas I was alluding to in your
>other thread.   I have to rely on client vars for practically
>*everything* insofar as state info and I just friggin' hate the grief
>that goes with client vars in cookies.  If you've got MX you can use
>session vars and save yourself a TON of grief.
>
>Have you checked out the CFMX Coding Standards?  This page seems pertinent:
>
>http://livedocs.macromedia.com/wtg/public/coding_standards/structure.html
>
>-- 
>--mattRobertson--
>Janitor, MSB Web Systems
>mysecretbase.com

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205999
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: client variables and subdomains

2005-05-07 Thread Matt Robertson

it is the default behavior.  You are supposed to be able to fix this
by adding "setdomaincookies="yes" in /Application.cfm.

This is one of the server side code gotchas I was alluding to in your
other thread.   I have to rely on client vars for practically
*everything* insofar as state info and I just friggin' hate the grief
that goes with client vars in cookies.  If you've got MX you can use
session vars and save yourself a TON of grief.

Have you checked out the CFMX Coding Standards?  This page seems pertinent:

http://livedocs.macromedia.com/wtg/public/coding_standards/structure.html

-- 
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205997
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: Client variables, registry vs. database

2005-02-03 Thread Calvin Ward

Well, an alternate solution is to use cookies for storage (registry is bad).
You'd have to be careful what you put in there for security reasons, as well
as space reasons.

I'd suggest limiting as much as possible putting anything into the client
scope, and if at all possible, stop using it altogether.

You can use cookies directly for identifiers and then use actual database
tables to store user information that needs to persist beyond a session.
Otherwise you can use sessions to store shorter term needs.

- Calvin

-Original Message-
From: Chad Nikirk [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 03, 2005 12:09 PM
To: CF-Talk
Subject: Client variables, registry vs. database

Hi,

I have been using cfmx 6.1 for quite a while and have the client variable
storage set to database.  I have a very nice beefy sql server that houses
the coldfusion database.  

Our site runs ok, but after running sql profiler, I could tell that the
database access times are kind of slow.   Just for a test I switched over to
registry and everything is much, much faster.  I do not want to leave my
settings on registry.  

Is it normal to see such a drastic difference in speed between registry and
database?  The coldfusion database has the appropiate indexes and is not
under any other substantial load.  Thoughts?  Thanks.



~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192946
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client variables, registry vs. database

2005-02-03 Thread Sean Corfield

On Thu, 03 Feb 2005 13:08:41 -0400, Chad Nikirk <[EMAIL PROTECTED]> wrote:
> I have been using cfmx 6.1 for quite a while and have the client variable 
> storage set to database.  I have a very nice beefy sql server that houses the 
> coldfusion database.

What are you actually using client variables for? There are a number
of pitfalls with them (performance being one, as you've discovered).
See also this Tech Note:

http://www.macromedia.com/go/2c12f978

> Is it normal to see such a drastic difference in speed between registry and 
> database?

Depending on what you're doing with your client variables, yes, quite
possibly. If your application relies that heavily on client variables
tho', putting them in the registry is going to cause you a world of
hurt as the registry grows etc.

"Client variables - just say no!"
-- 
Sean A Corfield -- http://www.corfield.org/
Team Fusebox -- http://www.fusebox.org/
Breeze Me! -- http://www.corfield.org/breezeme
Got Gmail? -- I have 50, yes 50, invites to give away!

"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192931
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Client variables, registry vs. database

2005-02-03 Thread Adrocknaphobia

Registry is obviously going to be faster as the OS can access those
values quicker than they can ask a database for those values. However,
using the registry is not recommended as the bigger your registry
gets, the slower your server will get.

-Adam

On Thu, 03 Feb 2005 13:08:41 -0400, Chad Nikirk <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I have been using cfmx 6.1 for quite a while and have the client variable 
> storage set to database.  I have a very nice beefy sql server that houses the 
> coldfusion database.
> 
> Our site runs ok, but after running sql profiler, I could tell that the 
> database access times are kind of slow.   Just for a test I switched over to 
> registry and everything is much, much faster.  I do not want to leave my 
> settings on registry.
> 
> Is it normal to see such a drastic difference in speed between registry and 
> database?  The coldfusion database has the appropiate indexes and is not 
> under any other substantial load.  Thoughts?  Thanks.
> 
> 

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192923
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: client variables question

2004-04-25 Thread Dave Watts

> if I want to use an existing client variables database, and I 
> don't want cfmx to try and create the tables...how can I force 
> that?

Simply leave the "create tables" option unchecked within CF Administrator
when setting up your client repository.

> or maybe the question is...how portable are client var 
> databases?  it seems like cfmx wants to create the tables, 
> and if it cant, your screwed?

No, you can create them manually, or not create them at all if they're
already there. This is actually something commonly done. For example, if you
have a cluster of servers using the same client variable repository, you'd
only create the tables for the first server, then set up each other server
to use the same client variable repository without recreating the tables.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Re: client variables question

2004-04-25 Thread Rob

On Sun, 2004-04-25 at 12:23, Tony Weeg wrote:
> hi there.
> 
> if I want to use an existing client variables database, and I don't want
> cfmx to try and create the tables...how can I force that?
There is a check box when setting up the client variables that says 
something like "create tables". I think if you don't see that check box it
means cfmx doesn't know the proper commands to create the tables for
you.

> or maybe the question is...how portable are client var databases?  it
> seems like
> cfmx wants to create the tables, and if it cant, your screwed?
If it can't create the tables, you can make them yourself - hit help on
the client var setup page and it'll tell you the table names to use and
what types/column names to make in the tables.

-- 
Rob <[EMAIL PROTECTED]>
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Re: Client Variables and Uniqueness in a Load-Balanced Server Environment

2004-01-28 Thread Jochem van Dieten

Dave Carabetta wrote:
> 
> I would definitely check the "Use UUID" option the in the Admin. When we 
> were using the numeric CFTOKEN value, we ran in to all sorts of problems in 
> our load balanaced environment with duplicate values and "stealing" other 
> people's sessions. The alogorithm for generating the UUID uses the system 
> clock time down to the millisecond (among other things), so for all intents 
> and purposes, it's realistically impossible to have duplicate values.

The year 3400 is for UUIDs what the year 2000 is for 2 digit 
years and the year 2037 for Unix dates: they roll over. So you 
really should document somewhere that your application needs to 
be revised by about the year 3300.

Jochem

-- 
I don't get it
immigrants don't work
and steal our jobs
 - Loesje
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables and Uniqueness in a Load-Balanced Server Environment

2004-01-28 Thread Dave Carabetta

>(Not sure if this went through yesterday in the midst of virus-related 
>stuff, so forgive me if this is a double-post).
>
>I should know the answer to this, but I want to make sure that I'm thinking 
>this through correctly.
>
>I have websites running on load balanced web servers (one group running 
>CFMX, one group running CF4.5 (which won't be around much longer - it's 
>being migrated to MX)).  I want to move the client variables to a 
>datasource instead of the registry so that we can actually start using them 
>if we want to.
>

Smart move. Keeping them in the registry will kill you down the road.

>I assume that all web/CF servers should be pointing to the same db for 
>their client variable storage (my plan was to point all MX servers to one 
>db and all 4.5 servers to a second db).  This is correct, yes?
>
>If this does happen, is there a risk that two servers will generate the 
>same CFID and CFTOKEN values for two separate users?  Should I therefore be 
>checking the "Use UUID for cftoken" setting in the "Settings" section in 
>the CF admin (on the MX servers)?   I found the following technote 
>(http://www.macromedia.com/support/coldfusion/ts/documents/tn18133.htm), 
>which I assume takes care of this problem for 4.5 servers.
>

I would definitely check the "Use UUID" option the in the Admin. When we 
were using the numeric CFTOKEN value, we ran in to all sorts of problems in 
our load balanaced environment with duplicate values and "stealing" other 
people's sessions. The alogorithm for generating the UUID uses the system 
clock time down to the millisecond (among other things), so for all intents 
and purposes, it's realistically impossible to have duplicate values. 
However, there is one caveat to keep in mind. When you check this option, 
new values won't be set for clients with existing cookies with the 
CFID/CFTOKEN value. Checking this option (and I believe you also have to 
restart the CF service) only applies to *new* cookies being set on the 
client. So if you want to migrate your client's over to the UUID cftoken, 
you will have to write a small script to update their values (which isn't 
hard, but I've never been a fan of manually messing with the cfid/cftoken 
values).

Regards,
Dave.
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-26 Thread Stuart Kidd

Actually Mike, that appears to be working so maybe that's right! :-)

-Original Message-
From: Mike Townend [mailto:[EMAIL PROTECTED] 
Sent: 21 January 2004 14:27
To: CF-Talk
Subject: RE: Client Variables

If you dont want to use sessions then you could use the timestamping
thats
included in client variables

Client.LastVisit
Client.TimeCreated

And then in Application.cfm if Client.LastVisit is greater than say
Now() -
10 minutes then run some code to log them out.

HTH

-Original Message-
From: Stuart Kidd [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 21, 2004 14:22
To: CF-Talk
Subject: Client Variables

Hi guys,

I've just switched from the  mailing list to this one as i'm
no
longer in Australia but in the UK.  Is this the UK mailing list?

Anyhow, i've got an app in which i'm using Client variables.  The only
thing
i'm not happy with is that they don't time out.  Is there a way to make
them
timeout say like after 20 mins of no activity (and/or when the browser
is
closed)?

Or do i have to turn to Sessions?

Any help would be gratefully appreciated.

Thanks,

Saturday 
  _
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-21 Thread Stuart Kidd

Thanks for that Andrew I'll see if I can give that a bash.

Cheers,

-Original Message-
From: Andrew Scott [mailto:[EMAIL PROTECTED] 
Sent: 21 January 2004 23:32
To: CF-Talk
Subject: RE: Client Variables

Stuart,

You did get a basic answer but I will pipe in anyway...

Client variables are the same as session and application, they are based
on
the cfid & cftoken. I use client variables for login and logout for my
members.

The easiest thing to deal with is to expire the cfid & cftoken cookies,
this
will also allow for the client variable to become non existent if the
browser is closed as well. Now when you look at your cfide/adminstrator
settings client variables can be used to have a lastvisit but please
bare in
mind that will not be the best way to retire someone who needs to be
retired.

The reason behind this is that cf can change depending on your admin
settings, before your code actually runs. What I do is create another
variable in the client scope to deal with this, and only reset this if
the
verification is ok.

Regards
Andrew Scott
Technical Consultant

NuSphere Pty Ltd
Level 2/33 Bank Street
South Melbourne, Victoria, 3205

Phone: 03 9686 0485  -  Fax: 03 9699 7976   

  _  

From: Stuart Kidd [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 January 2004 1:35 AM
To: CF-Talk
Subject: RE: Client Variables

of Thanks Mike and Simon, between the two of you i have both my
questions
answered. :)

-- Original Message --
From: "Simon Horwith" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 21 Jan 2004 14:27:37 -

>The big list in the UK (also used by many other EU nationals) can be
found
>at http://lists.cfdeveloper.co.uk
>You can also find out about the London CF Community at
>http://www.ukcfug.org - the London CFUG site.
>
>In answer to your question, you use the deleteClientVariable() function
to
>manually delete a client variable.  You can also purge them from the
source
>in which they're stored (DB, Reg., or Cookie).
>
>~Simon
>
>Simon Horwith
>CTO, Etrilogy Ltd.
>Member of Team Macromedia
>Macromedia Certified Instructor
>Certified Advanced ColdFusion MX Developer
>Certified Flash MX Developer
>CFDJList - List Administrator
>http://www.how2cf.com/
>
>  -Original Message-
>  From: Stuart Kidd [mailto:[EMAIL PROTECTED]
>  Sent: 21 January 2004 14:22
>  To: CF-Talk
>  Subject: Client Variables
>
>
>  Hi guys,
>
>  I've just switched from the  mailing list to this one as
i'm no
>longer in Australia but in the UK.  Is this the UK mailing list?
>
>  Anyhow, i've got an app in which i'm using Client variables.  The
only
>thing i'm not happy with is that they don't time out.  Is there a way
to
>make them timeout say like after 20 mins of no activity (and/or when
the
>browser is closed)?
>
>  Or do i have to turn to Sessions?
>
>  Any help would be gratefully appreciated.
>
>  Thanks,
>
>  Saturday
>
> 
  _
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-21 Thread Andrew Scott

Stuart,

 
You did get a basic answer but I will pipe in anyway...

 
Client variables are the same as session and application, they are based on
the cfid & cftoken. I use client variables for login and logout for my
members.

 
The easiest thing to deal with is to expire the cfid & cftoken cookies, this
will also allow for the client variable to become non existent if the
browser is closed as well. Now when you look at your cfide/adminstrator
settings client variables can be used to have a lastvisit but please bare in
mind that will not be the best way to retire someone who needs to be
retired.

 
The reason behind this is that cf can change depending on your admin
settings, before your code actually runs. What I do is create another
variable in the client scope to deal with this, and only reset this if the
verification is ok.

Regards
Andrew Scott
Technical Consultant

NuSphere Pty Ltd
Level 2/33 Bank Street
South Melbourne, Victoria, 3205

Phone: 03 9686 0485  -  Fax: 03 9699 7976   

  _  

From: Stuart Kidd [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 January 2004 1:35 AM
To: CF-Talk
Subject: RE: Client Variables

of Thanks Mike and Simon, between the two of you i have both my questions
answered. :)

-- Original Message --
From: "Simon Horwith" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 21 Jan 2004 14:27:37 -

>The big list in the UK (also used by many other EU nationals) can be found
>at http://lists.cfdeveloper.co.uk
>You can also find out about the London CF Community at
>http://www.ukcfug.org - the London CFUG site.
>
>In answer to your question, you use the deleteClientVariable() function to
>manually delete a client variable.  You can also purge them from the source
>in which they're stored (DB, Reg., or Cookie).
>
>~Simon
>
>Simon Horwith
>CTO, Etrilogy Ltd.
>Member of Team Macromedia
>Macromedia Certified Instructor
>Certified Advanced ColdFusion MX Developer
>Certified Flash MX Developer
>CFDJList - List Administrator
>http://www.how2cf.com/
>
>  -Original Message-
>  From: Stuart Kidd [mailto:[EMAIL PROTECTED]
>  Sent: 21 January 2004 14:22
>  To: CF-Talk
>  Subject: Client Variables
>
>
>  Hi guys,
>
>  I've just switched from the  mailing list to this one as i'm no
>longer in Australia but in the UK.  Is this the UK mailing list?
>
>  Anyhow, i've got an app in which i'm using Client variables.  The only
>thing i'm not happy with is that they don't time out.  Is there a way to
>make them timeout say like after 20 mins of no activity (and/or when the
>browser is closed)?
>
>  Or do i have to turn to Sessions?
>
>  Any help would be gratefully appreciated.
>
>  Thanks,
>
>  Saturday
>
> 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-21 Thread Dave Watts

> Anyhow, i've got an app in which i'm using Client variables.  
> The only thing i'm not happy with is that they don't time 
> out.  Is there a way to make them timeout say like after 20 
> mins of no activity (and/or when the browser is closed)?
> 
> Or do i have to turn to Sessions?

You can control the cookies used to associate a browser with a set of Client
variables; you can make the cookies into session cookies, which will be
destroyed when the browser is closed. You can probably make them short-lived
in addition, although it's not usually as important to have Client variables
time out as it is for Session variables since they aren't stored in memory.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-21 Thread Stuart Kidd

of Thanks Mike and Simon, between the two of you i have both my questions answered. :)

-- Original Message --
From: "Simon Horwith" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 21 Jan 2004 14:27:37 -

>The big list in the UK (also used by many other EU nationals) can be found
>at http://lists.cfdeveloper.co.uk
>You can also find out about the London CF Community at
>http://www.ukcfug.org - the London CFUG site.
>
>In answer to your question, you use the deleteClientVariable() function to
>manually delete a client variable.  You can also purge them from the source
>in which they're stored (DB, Reg., or Cookie).
>
>~Simon
>
>Simon Horwith
>CTO, Etrilogy Ltd.
>Member of Team Macromedia
>Macromedia Certified Instructor
>Certified Advanced ColdFusion MX Developer
>Certified Flash MX Developer
>CFDJList - List Administrator
>http://www.how2cf.com/
>
>  -Original Message-
>  From: Stuart Kidd [mailto:[EMAIL PROTECTED]
>  Sent: 21 January 2004 14:22
>  To: CF-Talk
>  Subject: Client Variables
>
>
>  Hi guys,
>
>  I've just switched from the  mailing list to this one as i'm no
>longer in Australia but in the UK.  Is this the UK mailing list?
>
>  Anyhow, i've got an app in which i'm using Client variables.  The only
>thing i'm not happy with is that they don't time out.  Is there a way to
>make them timeout say like after 20 mins of no activity (and/or when the
>browser is closed)?
>
>  Or do i have to turn to Sessions?
>
>  Any help would be gratefully appreciated.
>
>  Thanks,
>
>  Saturday
>
>
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-21 Thread Simon Horwith

The big list in the UK (also used by many other EU nationals) can be found
at http://lists.cfdeveloper.co.uk
You can also find out about the London CF Community at
http://www.ukcfug.org - the London CFUG site.

In answer to your question, you use the deleteClientVariable() function to
manually delete a client variable.  You can also purge them from the source
in which they're stored (DB, Reg., or Cookie).

~Simon

Simon Horwith
CTO, Etrilogy Ltd.
Member of Team Macromedia
Macromedia Certified Instructor
Certified Advanced ColdFusion MX Developer
Certified Flash MX Developer
CFDJList - List Administrator
http://www.how2cf.com/

  -Original Message-
  From: Stuart Kidd [mailto:[EMAIL PROTECTED]
  Sent: 21 January 2004 14:22
  To: CF-Talk
  Subject: Client Variables

  Hi guys,

  I've just switched from the  mailing list to this one as i'm no
longer in Australia but in the UK.  Is this the UK mailing list?

  Anyhow, i've got an app in which i'm using Client variables.  The only
thing i'm not happy with is that they don't time out.  Is there a way to
make them timeout say like after 20 mins of no activity (and/or when the
browser is closed)?

  Or do i have to turn to Sessions?

  Any help would be gratefully appreciated.

  Thanks,

  Saturday
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Client Variables

2004-01-21 Thread Mike Townend

If you dont want to use sessions then you could use the timestamping thats
included in client variables

 
Client.LastVisit
Client.TimeCreated

 
And then in Application.cfm if Client.LastVisit is greater than say Now() -
10 minutes then run some code to log them out.

HTH

-Original Message-
From: Stuart Kidd [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 21, 2004 14:22
To: CF-Talk
Subject: Client Variables

Hi guys,

I've just switched from the  mailing list to this one as i'm no
longer in Australia but in the UK.  Is this the UK mailing list?

Anyhow, i've got an app in which i'm using Client variables.  The only thing
i'm not happy with is that they don't time out.  Is there a way to make them
timeout say like after 20 mins of no activity (and/or when the browser is
closed)?

Or do i have to turn to Sessions?

Any help would be gratefully appreciated.

Thanks,

Saturday 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Re: client variables ??

2003-08-14 Thread cf-talk

CDATA and CGLOBAL tables are created when you're in the ColdFusion
Administrator and specify that you want to use a database to store
client/session variables.

Take a look in the ColdFusion Administrator for more information/control on
which database you want those tables in.

-Novak

- Original Message - 
From: "Tim Laureska" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 8:47 PM
Subject: client variables ??


> How does CF know which table within a DB to store client variables in?
> Does CF create the table?
>
> In one attempt at this I found two tables called CDATA and CGLOBAL that
> I had not created in the database... were these automatically created by
> CF?
>
> I deleted these two tables just to see what would happen... but when I
> accessed the application again, the tables did not come back ??
>
> Here's an excert from the application.cfm
>
>  clientmanagement="yes"
> clientstorage="jobs_available"
> SessionManagement="yes"
> SessionTimeout=#CreateTimeSpan(0,0,0,30)#
> ApplicationTimeout=#CreateTimeSpan(30,0,0,0)#>
>
>
> Stumbling & fumbling thru seesion/client variables I go
>
>
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: client variables ??

2003-08-14 Thread Brook Davies

In the cfadministrator, under the client variable settings, you can select 
an option to create these tables automatically.

Brook

At 11:47 PM 8/13/2003 -0400, you wrote:
>How does CF know which table within a DB to store client variables in?
>Does CF create the table?
>
>In one attempt at this I found two tables called CDATA and CGLOBAL that
>I had not created in the database... were these automatically created by
>CF?
>
>I deleted these two tables just to see what would happen... but when I
>accessed the application again, the tables did not come back ??
>
>Here's an excert from the application.cfm
>
>clientmanagement="yes"
>clientstorage="jobs_available"
>SessionManagement="yes"
>SessionTimeout=#CreateTimeSpan(0,0,0,30)#
>ApplicationTimeout=#CreateTimeSpan(30,0,0,0)#>
>
>
>Stumbling & fumbling thru seesion/client variables I go
>
>
>
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: client variables problem on MX

2003-06-09 Thread Bud

>I think I have the same problem with client vars.  But in my case one out of
>every ~5000 users gets an error.
>
>"null null
>The error occurred on line 4."
>
>Line 4 is the .
>
>Does this sound like the same problem?
>
>I have been trying to track this problem down.
>
>I saw something a few months ago in the MM forums.  I have not hade time to
>go back and check it out. This is the first week that I have not been under
>the gun to crank projects out.
>
>If you are having the same problem, and find a fix email me. I will do the
>same.

I'm not getting an error. I'm just getting cfid and cftoken set 
blank. This causing everyone to share the same client variables. 
Crystal Tech acts like they don't believe me.
-- 

Bud Schneehagen - Tropical Web Creations, Inc.

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Web Based Solutions / eCommerce Development & Hosting
http://www.twcreations.com/ - http://www.cf-ezcart.com/
954.721.3452 - Toll Free: 877.207.6397 - Fax: 954.721.7493
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: client variables problem on MX

2003-06-09 Thread Mark W. Breneman

I think I have the same problem with client vars.  But in my case one out of
every ~5000 users gets an error.

"null null
The error occurred on line 4."

Line 4 is the .

Does this sound like the same problem?

I have been trying to track this problem down.

I saw something a few months ago in the MM forums.  I have not hade time to
go back and check it out. This is the first week that I have not been under
the gun to crank projects out.

If you are having the same problem, and find a fix email me. I will do the
same.

Mark W. Breneman
-Macromedia Certified ColdFusion Developer
-Network / Web Server Administrator
  Vivid Media
  [EMAIL PROTECTED]
  www.vividmedia.com
  608.270.9770

-Original Message-
From: Bud [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 4:05 PM
To: CF-Talk
Subject: client variables problem on MX


Hi all. I have a ticket into Crystal Tech support on this, but I
thought I'd try for some feedback here also.

What is happening is, client.cfid and client.cftoken are coming up
blank. This is only on Windows on IE 5 and 6, and only when cookies
are enabled.

At login I set a client variable of client.mem_id. When the next user
comes to the site using IE on Windows, he is automatically logged in
as the previous user because CFID and CFTOKEN match for both (they
are blank). UGH!

Anyone run into this? Is this supposed to be happening? I'd expect
not because it only happens on IE.

Is there a way to check if cfid and/or cftoken are blank and manually set
them?
--

Bud Schneehagen - Tropical Web Creations, Inc.

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Web Based Solutions / eCommerce Development & Hosting
http://www.twcreations.com/ - http://www.cf-ezcart.com/
954.721.3452 - Toll Free: 877.207.6397 - Fax: 954.721.7493

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables and SSL problem

2003-05-29 Thread John Paul Ashenfelter

- Original Message - 
From: "Andre Turrettini" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 3:33 PM
Subject: RE: Client variables and SSL problem


> you might try appending the cfidtoken to the url on the links that move to
> ssl.  This would only fix it if indeed the cookie is getting lost or
> something.  This would probably be cleint specific and explain why it only
> happens to certain accounts.
>
> DRE
>

Another good suggestion -- but already doing that. Looks like it was a
conflict between client variables set when the user originally logged in
using http and other times when they logged in using https -- there are a
pair of client ids for most of our frequent users.

Regards,

John Paul Ashenfelter
CTO/TransitionPoint


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables and SSL problem

2003-05-29 Thread John Paul Ashenfelter

- Original Message - 
From: "Bryan Love" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 3:18 PM
Subject: RE: Client variables and SSL problem

> As you know, client variables are keyed off of cfid and cftoken which MUST
> be passed via cookie or url in order to maintain state.  What you might
not
> know is that client variables are also keyed off of the application name
(as
> specified in ).  Make sure the application name is the
> same for the http site and the https site and perhaps that will fix it.
>

Another good suggestion, but no dice. Doublechecked the database (client
variables are stored in MSSQL via ODBC) and only one application name. I
*did* notice that many users have multiple clientId values (I searched
through the CDATA.data field for usernames to find dupes). These map fairly
well to http vs https logins and I validated the same thing from a test
server -- I can watch the cfid change when I login http and login https from
the same browser on the same machine.

So I'm rewriting the security system now :)

Regards,

John Paul Ashenfelter
CTO/TransitionPoint

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client variables and SSL problem

2003-05-29 Thread Andre Turrettini

you might try appending the cfidtoken to the url on the links that move to
ssl.  This would only fix it if indeed the cookie is getting lost or
something.  This would probably be cleint specific and explain why it only
happens to certain accounts.

DRE

> -Original Message-
> From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, May 28, 2003 10:54 AM
> To: CF-Talk
> Subject: Re: Client variables and SSL problem
> 
> 
> From: "Calvin Ward" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, May 28, 2003 11:58 AM
> Subject: Re: Client variables and SSL problem
> 
> 
> > My inclination is that HTTPS and HTTP are considered 'seperate' 
> > domains.
> >
> > I would consider tracking down why the user is being 
> switched back and 
> > forth, and if possible keep them in one place.
> >
> > Calvin
> >
> 
> That was my first guess -- it certainly *IS* true for 
> session-scoped variables. But the problem is sporadic, not 
> consistent. I've got several accounts that work fine, others 
> than consistently don't. So it's not something that straightforward.
> 
> Regards,
> 
> John Paul Ashenfelter
> CTO/TransitionPoint
> - Original Message - 
> 
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client variables and SSL problem

2003-05-29 Thread Bryan Love

As you know, client variables are keyed off of cfid and cftoken which MUST
be passed via cookie or url in order to maintain state.  What you might not
know is that client variables are also keyed off of the application name (as
specified in ).  Make sure the application name is the
same for the http site and the https site and perhaps that will fix it.

+---+
Bryan Love
  Database Analyst
  Macromedia Certified Professional
  Internet Application Developer
TeleCommunication Systems
[EMAIL PROTECTED]
+---+

"...'If there must be trouble, let it be in my day, that my child may have
peace'..."
- Thomas Paine, The American Crisis

"Let's Roll"
- Todd Beamer, Flight 93



-Original Message-
From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 7:26 AM
To: CF-Talk
Subject: Client variables and SSL problem


Hi folks,

I'm working with a client who has a legacy (read that as pretty poorly
written) ColdFusion 5 application and I'm experiencing some weirdness with
client-scoped variables when the protocol changes from http to https (which
it does somewhat randomly on their site).

Client variables hold the login information. Everything works fine for users
on the http portion of the site. Many users (NOT all -- some work fine) get
the "you are not a registered user, please login" which is triggered by the
absense of client variables when they move from the http portion of the site
to https. 

The problem has gotten worse recently, which correlates with some changes I
have made. I enabled "setDomainCookies" since the site is moving to a
cluster. I moved the physical location of the client variable storage from
one MSSQL database (on the same box) to a dedicated database server -- I
copied the client variable storage database from the original to the new
machine. I've also renamed the underlying machine for the web site (again,
as part of the cluster rollout) and it's a Win2k box running Apache 1.3 and
OpenSSL (which is possibly relevant since SSL/https is where the issue
occurs).

Any ideas? I'm coming through the code archives to see if anything else
changed, but I'm puzzled. I honestly think there's some pretty bad code in
the whole security process, but the site was working more reliably in the
past so it can't simply be "the code is garbage".

Regards,

John Paul Ashenfelter
CTO/TransitionPoint


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables and SSL problem

2003-05-29 Thread John Paul Ashenfelter

From: "Calvin Ward" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 11:58 AM
Subject: Re: Client variables and SSL problem

> My inclination is that HTTPS and HTTP are considered 'seperate' domains.
>
> I would consider tracking down why the user is being switched back and
> forth, and if possible keep them in one place.
>
> Calvin
>

That was my first guess -- it certainly *IS* true for session-scoped
variables. But the problem is sporadic, not consistent. I've got several
accounts that work fine, others than consistently don't. So it's not
something that straightforward.

Regards,

John Paul Ashenfelter
CTO/TransitionPoint
- Original Message - 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client variables and SSL problem

2003-05-29 Thread Calvin Ward

My inclination is that HTTPS and HTTP are considered 'seperate' domains.

I would consider tracking down why the user is being switched back and
forth, and if possible keep them in one place.

Calvin

- Original Message - 
From: "John Paul Ashenfelter" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 10:25 AM
Subject: Client variables and SSL problem


> Hi folks,
>
> I'm working with a client who has a legacy (read that as pretty poorly
written) ColdFusion 5 application and I'm experiencing some weirdness with
client-scoped variables when the protocol changes from http to https (which
it does somewhat randomly on their site).
>
> Client variables hold the login information. Everything works fine for
users on the http portion of the site. Many users (NOT all -- some work
fine) get the "you are not a registered user, please login" which is
triggered by the absense of client variables when they move from the http
portion of the site to https.
>
> The problem has gotten worse recently, which correlates with some changes
I have made. I enabled "setDomainCookies" since the site is moving to a
cluster. I moved the physical location of the client variable storage from
one MSSQL database (on the same box) to a dedicated database server -- I
copied the client variable storage database from the original to the new
machine. I've also renamed the underlying machine for the web site (again,
as part of the cluster rollout) and it's a Win2k box running Apache 1.3 and
OpenSSL (which is possibly relevant since SSL/https is where the issue
occurs).
>
> Any ideas? I'm coming through the code archives to see if anything else
changed, but I'm puzzled. I honestly think there's some pretty bad code in
the whole security process, but the site was working more reliably in the
past so it can't simply be "the code is garbage".
>
> Regards,
>
> John Paul Ashenfelter
> CTO/TransitionPoint
>
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Ben Koshy

That is correct... The CF5.0 does tend to give out the same
CFTOKENs/CFID pairs which cause a lot of security issues when you're
relying soley on the CFTOKEN/CFID pair to be unique.  There is an
article on MM's site that tells you how to edit your registry to move
your CFTOKENs to a 32 Bit UUID...and on top of that, we implemented a
UUID Pair Value System outside of the CFID/CFTOKEN system that plants a
Unique UUID() on the Customer's machine and sets a client variable to
the same.  If they ever become out of sync, we reset their CFTOKEN/CFID
Pair and start over.  It seems to have resolved the issue.  Even with th
32Bit UUID for the CFTOKEN, we were still getting the odd complaint of
client variable swapping/session swapping.  On top of that we also
followed Ebay's & as someone mentioned Amazon's example of forcing login
to edit/view all sensitive data.


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Matt Robertson

Howard Owens wrote:
>It seems like this wouldn't work in on clustered servers, if I 
>understand your suggestion correctly -- to check for the 
>session var on interior pages.

But it does with a cvar.  Of course you have to expire the thing in minutes like a 
session var.  Got the following from Hal Helms site.  Settings.SessionLasts is a 
numeric value taken from a query:



...expire your session-specific cvars here...


---
 Matt Robertson, [EMAIL PROTECTED]
 MSB Designs, Inc. http://mysecretbase.com
---


-- Original Message --
From: "Owens, Howard" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
date: Thu, 30 Jan 2003 15:09:48 -0800


>
>H.
>
>
>> -Original Message-
>> From:Tilbrook, Peter [SMTP:[EMAIL PROTECTED]]
>> Sent:Thursday, January 30, 2003 3:01 PM
>> To:  CF-Talk
>> Subject: RE: Client Variables - Serious Problem
>> 
>> You need a way to detect if a browser has come into the site correctly,
>> ideally the home page, so set a Session variable on the home page
>> somewhere.
>> At the top of your other pages test if this variable exists and if it
>> doesn't do a CFLOCATION to the home page with ADDUURL="yes".
>> 
>> -Original Message-
>> From: Webmaster [mailto:[EMAIL PROTECTED]] 
>> Sent: Friday, 31 January 2003 9:46 AM
>> To: CF-Talk
>> Subject: Re: Client Variables - Serious Problem
>> 
>>  
>
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

It seems like this wouldn't work in on clustered servers, if I understand
your suggestion correctly -- to check for the session var on interior pages.

H.


> -Original Message-
> From: Tilbrook, Peter [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 3:01 PM
> To:   CF-Talk
> Subject:  RE: Client Variables - Serious Problem
> 
> You need a way to detect if a browser has come into the site correctly,
> ideally the home page, so set a Session variable on the home page
> somewhere.
> At the top of your other pages test if this variable exists and if it
> doesn't do a CFLOCATION to the home page with ADDUURL="yes".
> 
> -Original Message-
> From: Webmaster [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, 31 January 2003 9:46 AM
> To: CF-Talk
> Subject: Re: Client Variables - Serious Problem
> 
>   
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Tilbrook, Peter

You need a way to detect if a browser has come into the site correctly,
ideally the home page, so set a Session variable on the home page somewhere.
At the top of your other pages test if this variable exists and if it
doesn't do a CFLOCATION to the home page with ADDUURL="yes".

-Original Message-
From: Webmaster [mailto:[EMAIL PROTECTED]] 
Sent: Friday, 31 January 2003 9:46 AM
To: CF-Talk
Subject: Re: Client Variables - Serious Problem

Someone emailed the URL to someone else or a search engine has a link with
the full url, cftoken included.

  We have a customer that will not allow cookies, for good reasons.  So we
have to use the URL to pass the CFID.  We use client vars to track the
session because session vars don't work behind a load balancer without
cookies. (Specially if the uses IP address is different for each request
(AOL, IBM etc)...
  So, you will run into a problem if someone emails the URL with the cftoken
in it or a search engine gets it.  Now anyone using that search engine and
clicks on the link with the URLTOKEN in it will take on the personality
associated with that token.

  What we did was added code to the application.cfm to check for the
referrer.  If the referrer is blank, which it will be if coming from an
email, or if the referrer is not my host name, we clear the client.cfltoken
vars.  This gives them a new cftoken.  This seems to work, however, some
browsers do not pass the referrer.  So, we are still looking for an optimal
solution.  If only we could use cookies, this would solve the problem.

By the way. Amazon.com also has this problem because they work without
cookies also, so we are not alone.
1: Go to Amazon.com
2: Put something in your cart.
3: Now send that URL to someone, or put it into another machine you have
locally.
4: Now delete the cart.
5: go back to your first machine, and your cart is gone.
So if you email the URL to show someone the cart, they can delete it.  If
that URL gets into a search engine, it can cause grief for a few days. This
should not happen often so Amazon is not going to try to fix the problem.
This is why Amazon forces you to enter your email and password every time on
check out, even if you have cookies enabled...

- Original Message -
From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 4:41 PM
Subject: Re: Client Variables - Serious Problem

> Currently I pass every link like this:
>
> Link
>
> I will try your suggestion.
>
> NOTE: I just recieved an email from a user who said someone knew all 
> their personal information ... sooo this is looking like a huge 
> problem.
>
> Thank you
> Paul Giesenhagen
> QuillDesign
>
> - Original Message -
> From: "Owens, Howard" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 3:31 PM
> Subject: RE: Client Variables - Serious Problem
>
>
> > Paul:
> >
> > Are you on a cluster of servers?
> >
> > Also, how are you tracking CFID, CFTOKEN.
> >
> > I've found for the most stable success, I need to appened
> #client.URLTOKEN#
> > to every URL, including those passed in FORMS, and I also got better
> results
> > by dropping this on my Application.cfm page (at the suggestion of a 
> > list
> > member):
> >
> >  > clientmanagement="yes"
> >setclientcookies="yes" clientstorage="dbClientVars"
> > SETDOMAINCOOKIES="true">
> >
> > followed by
> >
> >  
> >  > secure="Yes">
> >
> > Hope this helps.
> >
> > H.
> >
> >
> > > -Original Message-
> > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 30, 2003 1:08 PM
> > > To: CF-Talk
> > > Subject: Client Variables - Serious Problem
> > >
> > > Question:
> > >
> > > I am using client variables to login users and keep their 
> > > information while roaming the site.  The problem is I just went 
> > > into the site and
it
> > > had me logged as another user of the site... Below is the code I 
> > > am
> using
> > > to login in a user  I haven't used the client variables alot 
> > > so if
> you
> > > see something I am doing wrong, please enlighten.
> > >
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > >  > > output="client.member">
> > >
> > >
> > >
> > > 
> > >
> > > 
> > >  
> > >  
> > > 
&

RE: Client Variables - Serious Problem

Good info ... 

I like the idea of resetting the client vars in the application.cfm.  I
would say that depending on the application, if referrers are blocked, it
may not be a major issue, though I could see where this would be a problem
for, say, a shopping cart.

This reminds me, too, of why, on an auction app I built, I require explicit
logins for each and every bid (password only), and each and every time a
user returns to check his current bid page.

H.


> -Original Message-
> From: Webmaster [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 2:46 PM
> To:   CF-Talk
> Subject:  Re: Client Variables - Serious Problem
> 
> Someone emailed the URL to someone else or a search engine has a link with
> the full url, cftoken included.
> 
>   We have a customer that will not allow cookies, for good reasons.  So we
> have to use the URL to pass the CFID.  We use client vars to track the
> session because session vars don't work behind a load balancer without
> cookies. (Specially if the uses IP address is different for each request
> (AOL, IBM etc)...
>   So, you will run into a problem if someone emails the URL with the
> cftoken
> in it or a search engine gets it.  Now anyone using that search engine and
> clicks on the link with the URLTOKEN in it will take on the personality
> associated with that token.
> 
>   What we did was added code to the application.cfm to check for the
> referrer.  If the referrer is blank, which it will be if coming from an
> email, or if the referrer is not my host name, we clear the
> client.cfltoken
> vars.  This gives them a new cftoken.  This seems to work, however, some
> browsers do not pass the referrer.  So, we are still looking for an
> optimal
> solution.  If only we could use cookies, this would solve the problem.
> 
> By the way. Amazon.com also has this problem because they work without
> cookies also, so we are not alone.
> 1: Go to Amazon.com
> 2: Put something in your cart.
> 3: Now send that URL to someone, or put it into another machine you have
> locally.
> 4: Now delete the cart.
> 5: go back to your first machine, and your cart is gone.
> So if you email the URL to show someone the cart, they can delete it.  If
> that URL gets into a search engine, it can cause grief for a few days.
> This should not happen often so Amazon is not going to try to fix the
> problem.
> This is why Amazon forces you to enter your email and password every time
> on
> check out, even if you have cookies enabled...
> 
> 
> 
> - Original Message -
> From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 4:41 PM
> Subject: Re: Client Variables - Serious Problem
> 
> 
> > Currently I pass every link like this:
> >
> > Link
> >
> > I will try your suggestion.
> >
> > NOTE: I just recieved an email from a user who said someone knew all
> their
> > personal information ... sooo this is looking like a huge problem.
> >
> > Thank you
> > Paul Giesenhagen
> > QuillDesign
> >
> > - Original Message -
> > From: "Owens, Howard" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Thursday, January 30, 2003 3:31 PM
> > Subject: RE: Client Variables - Serious Problem
> >
> >
> > > Paul:
> > >
> > > Are you on a cluster of servers?
> > >
> > > Also, how are you tracking CFID, CFTOKEN.
> > >
> > > I've found for the most stable success, I need to appened
> > #client.URLTOKEN#
> > > to every URL, including those passed in FORMS, and I also got better
> > results
> > > by dropping this on my Application.cfm page (at the suggestion of a
> list
> > > member):
> > >
> > >  > > clientmanagement="yes"
> > >setclientcookies="yes"
> > > clientstorage="dbClientVars"
> > > SETDOMAINCOOKIES="true">
> > >
> > > followed by
> > >
> > > 
> > >  secure="Yes">
> > >
> > > Hope this helps.
> > >
> > > H.
> > >
> > >
> > > > -Original Message-
> > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Thursday, January 30, 2003 1:08 PM
> > > > To: CF-Talk
> > > > Subject: Client Variables - Serious Problem
> > > >
> > > > Question:
> > > >
> > > > I am using client variables to login users and keep their
&g

RE: Client Variables - Serious Problem

It should, but I haven't fully tested it ... but anonymizer, as I understand
it, deals merely with cookies and HTTP headers and CGI variables, but not
URL strings.  So if your tokens are passed in the strings, they should
persist and help you maintain state.  Probably the only place you'd loose
state is across user sessions, which means users would need to explicitly
log in for every session, if state-type variables are necessary for each
client across multiple sessions.

And remember, you can do 

H.


> -Original Message-
> From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 2:40 PM
> To:   CF-Talk
> Subject:  Re: Client Variables - Serious Problem
> 
> So making sure EVERY link is passing the #urlToken# keeps you safe ...
> even
> from something like anonymizer?
> 
> Paul Giesenhagen
> QuillDesign
> 
> - Original Message -
> From: "Owens, Howard" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 4:29 PM
> Subject: RE: Client Variables - Serious Problem
> 
> 
> > It's merely a back up ... to help the browser remember ...
> >
> > Of course, if the user is using something like anonymizer, then even
> this
> > isn't going to help, except explicitly passing the variables.
> >
> > H.
> >
> >
> > > -Original Message-
> > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 30, 2003 2:22 PM
> > > To: CF-Talk
> > > Subject: Re: Client Variables - Serious Problem
> > >
> > > Why does the cfcookie in the application.cfm file fix the problem?!?!
> > > What
> > > if they have cookies turned off?
> > >
> > > Paul Giesenhagen
> > > QuillDesign
> > > - Original Message -
> > > From: "Owens, Howard" <[EMAIL PROTECTED]>
> > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > Sent: Thursday, January 30, 2003 4:08 PM
> > > Subject: RE: Client Variables - Serious Problem
> > >
> > >
> > > > No need to do that ...
> > > >
> > > > The code I gave you solved my problem ... which is the exact same
> > > problem
> > > > you are having.  I've been through this, and a combination of things
> I
> > > got
> > > > from this list, and my own guessing, I came up with the system I
> know
> > > use.
> > > >
> > > > In fact, I've gained so much confidence in this system that I no
> longer
> > > use
> > > > session variables, which require locking (extra, confusing code).
> If
> I
> > > need
> > > > to pass complex data types, I juse WDDX.  I no longer have issues of
> > > users
> > > > getting mixed up (knock on wood), whether its a clustered server
> > > environ,
> > > or
> > > > single server.
> > > >
> > > > H.
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, January 30, 2003 2:08 PM
> > > > > To: CF-Talk
> > > > > Subject: Re: Client Variables - Serious Problem
> > > > >
> > > > > Well, I am storing them in the DB...  I think I am missing
> something
> > > on
> > > > > Client Variables .. (which I hang my head :)
> > > > >
> > > > > Should I be keeping the key CFID associated with the memberID in
> the
> > > db?
> > > > >
> > > > > Paul Giesenhagen
> > > > > QuillDesign
> > > > >
> > > > > - Original Message -
> > > > > From: "Matt Robertson" <[EMAIL PROTECTED]>
> > > > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > > > Sent: Thursday, January 30, 2003 4:03 PM
> > > > > Subject: Re: Client Variables - Serious Problem
> > > > >
> > > > >
> > > > > > While the symptoms Paul described are indeed similar to a
> failure
> to
> > > > > lock
> > > > > a session variable, listen to Ray and remember his level of
> > > > > involvement/expertise with CF.  Since client vars are stored in a
> > > > > database,
> > > > > a special mini-db in the registry or cookies, you have no shared
> > > memory
> > > > >

Re: Client Variables - Serious Problem

2003-01-30 Thread Webmaster

Someone emailed the URL to someone else or a search engine has a link with
the full url, cftoken included.

  We have a customer that will not allow cookies, for good reasons.  So we
have to use the URL to pass the CFID.  We use client vars to track the
session because session vars don't work behind a load balancer without
cookies. (Specially if the uses IP address is different for each request
(AOL, IBM etc)...
  So, you will run into a problem if someone emails the URL with the cftoken
in it or a search engine gets it.  Now anyone using that search engine and
clicks on the link with the URLTOKEN in it will take on the personality
associated with that token.

  What we did was added code to the application.cfm to check for the
referrer.  If the referrer is blank, which it will be if coming from an
email, or if the referrer is not my host name, we clear the client.cfltoken
vars.  This gives them a new cftoken.  This seems to work, however, some
browsers do not pass the referrer.  So, we are still looking for an optimal
solution.  If only we could use cookies, this would solve the problem.

By the way. Amazon.com also has this problem because they work without
cookies also, so we are not alone.
1: Go to Amazon.com
2: Put something in your cart.
3: Now send that URL to someone, or put it into another machine you have
locally.
4: Now delete the cart.
5: go back to your first machine, and your cart is gone.
So if you email the URL to show someone the cart, they can delete it.  If
that URL gets into a search engine, it can cause grief for a few days.
This should not happen often so Amazon is not going to try to fix the
problem.
This is why Amazon forces you to enter your email and password every time on
check out, even if you have cookies enabled...



- Original Message -
From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 4:41 PM
Subject: Re: Client Variables - Serious Problem


> Currently I pass every link like this:
>
> Link
>
> I will try your suggestion.
>
> NOTE: I just recieved an email from a user who said someone knew all their
> personal information ... sooo this is looking like a huge problem.
>
> Thank you
> Paul Giesenhagen
> QuillDesign
>
> - Original Message -
> From: "Owens, Howard" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 3:31 PM
> Subject: RE: Client Variables - Serious Problem
>
>
> > Paul:
> >
> > Are you on a cluster of servers?
> >
> > Also, how are you tracking CFID, CFTOKEN.
> >
> > I've found for the most stable success, I need to appened
> #client.URLTOKEN#
> > to every URL, including those passed in FORMS, and I also got better
> results
> > by dropping this on my Application.cfm page (at the suggestion of a list
> > member):
> >
> >  > clientmanagement="yes"
> >setclientcookies="yes"
> > clientstorage="dbClientVars"
> > SETDOMAINCOOKIES="true">
> >
> > followed by
> >
> > 
> > 
> >
> > Hope this helps.
> >
> > H.
> >
> >
> > > -Original Message-
> > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 30, 2003 1:08 PM
> > > To: CF-Talk
> > > Subject: Client Variables - Serious Problem
> > >
> > > Question:
> > >
> > > I am using client variables to login users and keep their information
> > > while roaming the site.  The problem is I just went into the site and
it
> > > had me logged as another user of the site... Below is the code I am
> using
> > > to login in a user  I haven't used the client variables alot so if
> you
> > > see something I am doing wrong, please enlighten.
> > >
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > >
> > >
> > >
> > > 
> > >
> > > 
> > >  
> > > 
> > > 
> > > 
> > > 
> > >
> > > When I opened my browser and went to the site, It thought i was a
> > > different user ... how could something like this have happened??
> > >
> > > Any help or if you all need more information, please let me konw.
> > >
> > > (Win2K, CF5 - Single Machine)
> > >
> > > Thank you
> > > Paul Giesenhagen
> > > QuillDesign
> > >
> > >
> >
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

So making sure EVERY link is passing the #urlToken# keeps you safe ... even
from something like anonymizer?

Paul Giesenhagen
QuillDesign

- Original Message -
From: "Owens, Howard" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 4:29 PM
Subject: RE: Client Variables - Serious Problem


> It's merely a back up ... to help the browser remember ...
>
> Of course, if the user is using something like anonymizer, then even this
> isn't going to help, except explicitly passing the variables.
>
> H.
>
>
> > -Original Message-
> > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 2:22 PM
> > To: CF-Talk
> > Subject: Re: Client Variables - Serious Problem
> >
> > Why does the cfcookie in the application.cfm file fix the problem?!?!
> > What
> > if they have cookies turned off?
> >
> > Paul Giesenhagen
> > QuillDesign
> > - Original Message -
> > From: "Owens, Howard" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Thursday, January 30, 2003 4:08 PM
> > Subject: RE: Client Variables - Serious Problem
> >
> >
> > > No need to do that ...
> > >
> > > The code I gave you solved my problem ... which is the exact same
> > problem
> > > you are having.  I've been through this, and a combination of things I
> > got
> > > from this list, and my own guessing, I came up with the system I know
> > use.
> > >
> > > In fact, I've gained so much confidence in this system that I no
longer
> > use
> > > session variables, which require locking (extra, confusing code).  If
I
> > need
> > > to pass complex data types, I juse WDDX.  I no longer have issues of
> > users
> > > getting mixed up (knock on wood), whether its a clustered server
> > environ,
> > or
> > > single server.
> > >
> > > H.
> > >
> > >
> > > > -Original Message-
> > > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Thursday, January 30, 2003 2:08 PM
> > > > To: CF-Talk
> > > > Subject: Re: Client Variables - Serious Problem
> > > >
> > > > Well, I am storing them in the DB...  I think I am missing something
> > on
> > > > Client Variables .. (which I hang my head :)
> > > >
> > > > Should I be keeping the key CFID associated with the memberID in the
> > db?
> > > >
> > > > Paul Giesenhagen
> > > > QuillDesign
> > > >
> > > > - Original Message -
> > > > From: "Matt Robertson" <[EMAIL PROTECTED]>
> > > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > > Sent: Thursday, January 30, 2003 4:03 PM
> > > > Subject: Re: Client Variables - Serious Problem
> > > >
> > > >
> > > > > While the symptoms Paul described are indeed similar to a failure
to
> > > > lock
> > > > a session variable, listen to Ray and remember his level of
> > > > involvement/expertise with CF.  Since client vars are stored in a
> > > > database,
> > > > a special mini-db in the registry or cookies, you have no shared
> > memory
> > > > issues or race condition issues and no need to lock.  None.  Zilch.
> > > > Bupkus.
> > > > >
> > > > > Now, with that said, Paul how are you storing those self-same
cvars,
> > and
> > > > how are you keeping track of your key pair?  This problem is unusual
> > > > indeed.
> > > > >
> > > > > -----------
> > > > >  Matt Robertson, [EMAIL PROTECTED]
> > > > >  MSB Designs, Inc. http://mysecretbase.com
> > > > > ---
> > > > >
> > > > >
> > > > > -- Original Message --
> > > > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
> > > > > Reply-To: [EMAIL PROTECTED]
> > > > > date: Thu, 30 Jan 2003 15:51:55 -0600
> > > > >
> > > > > >Gel,
> > > > > >
> > > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond
> > was
> > > > part
> > > > > >of the development of CF .

RE: Client Variables - Serious Problem

It's merely a back up ... to help the browser remember ... 

Of course, if the user is using something like anonymizer, then even this
isn't going to help, except explicitly passing the variables.

H.


> -Original Message-
> From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 2:22 PM
> To:   CF-Talk
> Subject:  Re: Client Variables - Serious Problem
> 
> Why does the cfcookie in the application.cfm file fix the problem?!?!
> What
> if they have cookies turned off?
> 
> Paul Giesenhagen
> QuillDesign
> - Original Message -
> From: "Owens, Howard" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 4:08 PM
> Subject: RE: Client Variables - Serious Problem
> 
> 
> > No need to do that ...
> >
> > The code I gave you solved my problem ... which is the exact same
> problem
> > you are having.  I've been through this, and a combination of things I
> got
> > from this list, and my own guessing, I came up with the system I know
> use.
> >
> > In fact, I've gained so much confidence in this system that I no longer
> use
> > session variables, which require locking (extra, confusing code).  If I
> need
> > to pass complex data types, I juse WDDX.  I no longer have issues of
> users
> > getting mixed up (knock on wood), whether its a clustered server
> environ,
> or
> > single server.
> >
> > H.
> >
> >
> > > -Original Message-
> > > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 30, 2003 2:08 PM
> > > To: CF-Talk
> > > Subject: Re: Client Variables - Serious Problem
> > >
> > > Well, I am storing them in the DB...  I think I am missing something
> on
> > > Client Variables .. (which I hang my head :)
> > >
> > > Should I be keeping the key CFID associated with the memberID in the
> db?
> > >
> > > Paul Giesenhagen
> > > QuillDesign
> > >
> > > - Original Message -
> > > From: "Matt Robertson" <[EMAIL PROTECTED]>
> > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > Sent: Thursday, January 30, 2003 4:03 PM
> > > Subject: Re: Client Variables - Serious Problem
> > >
> > >
> > > > While the symptoms Paul described are indeed similar to a failure to
> > > lock
> > > a session variable, listen to Ray and remember his level of
> > > involvement/expertise with CF.  Since client vars are stored in a
> > > database,
> > > a special mini-db in the registry or cookies, you have no shared
> memory
> > > issues or race condition issues and no need to lock.  None.  Zilch.
> > > Bupkus.
> > > >
> > > > Now, with that said, Paul how are you storing those self-same cvars,
> and
> > > how are you keeping track of your key pair?  This problem is unusual
> > > indeed.
> > > >
> > > > ---
> > > >  Matt Robertson, [EMAIL PROTECTED]
> > > >  MSB Designs, Inc. http://mysecretbase.com
> > > > ---
> > > >
> > > >
> > > > -- Original Message --
> > > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
> > > > Reply-To: [EMAIL PROTECTED]
> > > > date: Thu, 30 Jan 2003 15:51:55 -0600
> > > >
> > > > >Gel,
> > > > >
> > > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond
> was
> > > part
> > > > >of the development of CF ..:)
> > > > >
> > > > >Paul Giesenhagen
> > > > >QuillDesign
> > > > >
> > > > >- Original Message -
> > > > >From: "Angel Stewart" <[EMAIL PROTECTED]>
> > > > >To: "CF-Talk" <[EMAIL PROTECTED]>
> > > > >Sent: Thursday, January 30, 2003 3:45 PM
> > > > >Subject: RE: Client Variables - Serious Problem
> > > > >
> > > > >
> > > > >> *folds arms*
> > > > >> Oh yes you do!
> > > > >>
> > > > >> When you set them and read them!
> > > > >>
> > > > >> -Gel
> > > > >>
> > > > >>
> > > > >> -Original Message-
> > > > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
> > > > >>
> > > > >> Um, no, you don't.
> > > > >>
> > > > >>
> > > > >
> > > >
> > >
> > 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

2003-01-30 Thread Matt Robertson

Paul,

Like Howard mentioned, I think this is a problem with how you are maintaining state 
rather than cvars themselves.  Here's a cfapplication statement from one of my apps 
that is running on a single server and maintaining state via cvars:



Later on in application.cfm I do this:


 
 
 
 


So if it finds a different value in the cookie versus whatever is current it resets 
the session ID back to the cookie value.  Between those two things I never have any 
problems with losing the key pair, although appending all urls as mentioned and 
testing all three or something like that would be safest.

---
 Matt Robertson, [EMAIL PROTECTED]
 MSB Designs, Inc. http://mysecretbase.com
---


-- Original Message --
From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
date: Thu, 30 Jan 2003 16:08:11 -0600

>Well, I am storing them in the DB...  I think I am missing something on
>Client Variables .. (which I hang my head :)
>
>Should I be keeping the key CFID associated with the memberID in the db?
>
>Paul Giesenhagen
>QuillDesign
>
>- Original Message -
>From: "Matt Robertson" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Thursday, January 30, 2003 4:03 PM
>Subject: Re: Client Variables - Serious Problem
>
>
>> While the symptoms Paul described are indeed similar to a failure to lock
>a session variable, listen to Ray and remember his level of
>involvement/expertise with CF.  Since client vars are stored in a database,
>a special mini-db in the registry or cookies, you have no shared memory
>issues or race condition issues and no need to lock.  None.  Zilch.  Bupkus.
>>
>> Now, with that said, Paul how are you storing those self-same cvars, and
>how are you keeping track of your key pair?  This problem is unusual indeed.
>>
>> ---
>>  Matt Robertson, [EMAIL PROTECTED]
>>  MSB Designs, Inc. http://mysecretbase.com
>> ---
>>
>>
>> -- Original Message --
>> From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>> date: Thu, 30 Jan 2003 15:51:55 -0600
>>
>> >Gel,
>> >
>> >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was
>part
>> >of the development of CF ..:)
>> >
>> >Paul Giesenhagen
>> >QuillDesign
>> >
>> >- Original Message -
>> >From: "Angel Stewart" <[EMAIL PROTECTED]>
>> >To: "CF-Talk" <[EMAIL PROTECTED]>
>> >Sent: Thursday, January 30, 2003 3:45 PM
>> >Subject: RE: Client Variables - Serious Problem
>> >
>> >
>> >> *folds arms*
>> >> Oh yes you do!
>> >>
>> >> When you set them and read them!
>> >>
>> >> -Gel
>> >>
>> >>
>> >> -Original Message-
>> >> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
>> >>
>> >> Um, no, you don't.
>> >>
>> >>
>> >
>> 
>
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

Why does the cfcookie in the application.cfm file fix the problem?!?!  What
if they have cookies turned off?

Paul Giesenhagen
QuillDesign
- Original Message -
From: "Owens, Howard" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 4:08 PM
Subject: RE: Client Variables - Serious Problem


> No need to do that ...
>
> The code I gave you solved my problem ... which is the exact same problem
> you are having.  I've been through this, and a combination of things I got
> from this list, and my own guessing, I came up with the system I know use.
>
> In fact, I've gained so much confidence in this system that I no longer
use
> session variables, which require locking (extra, confusing code).  If I
need
> to pass complex data types, I juse WDDX.  I no longer have issues of users
> getting mixed up (knock on wood), whether its a clustered server environ,
or
> single server.
>
> H.
>
>
> > -Original Message-
> > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 2:08 PM
> > To: CF-Talk
> > Subject: Re: Client Variables - Serious Problem
> >
> > Well, I am storing them in the DB...  I think I am missing something on
> > Client Variables .. (which I hang my head :)
> >
> > Should I be keeping the key CFID associated with the memberID in the db?
> >
> > Paul Giesenhagen
> > QuillDesign
> >
> > - Original Message -
> > From: "Matt Robertson" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Thursday, January 30, 2003 4:03 PM
> > Subject: Re: Client Variables - Serious Problem
> >
> >
> > > While the symptoms Paul described are indeed similar to a failure to
> > lock
> > a session variable, listen to Ray and remember his level of
> > involvement/expertise with CF.  Since client vars are stored in a
> > database,
> > a special mini-db in the registry or cookies, you have no shared memory
> > issues or race condition issues and no need to lock.  None.  Zilch.
> > Bupkus.
> > >
> > > Now, with that said, Paul how are you storing those self-same cvars,
and
> > how are you keeping track of your key pair?  This problem is unusual
> > indeed.
> > >
> > > ---
> > >  Matt Robertson, [EMAIL PROTECTED]
> > >  MSB Designs, Inc. http://mysecretbase.com
> > > ---
> > >
> > >
> > > -- Original Message --
> > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
> > > Reply-To: [EMAIL PROTECTED]
> > > date: Thu, 30 Jan 2003 15:51:55 -0600
> > >
> > > >Gel,
> > > >
> > > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was
> > part
> > > >of the development of CF ..:)
> > > >
> > > >Paul Giesenhagen
> > > >QuillDesign
> > > >
> > > >- Original Message -
> > > >From: "Angel Stewart" <[EMAIL PROTECTED]>
> > > >To: "CF-Talk" <[EMAIL PROTECTED]>
> > > >Sent: Thursday, January 30, 2003 3:45 PM
> > > >Subject: RE: Client Variables - Serious Problem
> > > >
> > > >
> > > >> *folds arms*
> > > >> Oh yes you do!
> > > >>
> > > >> When you set them and read them!
> > > >>
> > > >> -Gel
> > > >>
> > > >>
> > > >> -Original Message-
> > > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
> > > >>
> > > >> Um, no, you don't.
> > > >>
> > > >>
> > > >
> > >
> >
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

No need to do that ... 

The code I gave you solved my problem ... which is the exact same problem
you are having.  I've been through this, and a combination of things I got
from this list, and my own guessing, I came up with the system I know use. 

In fact, I've gained so much confidence in this system that I no longer use
session variables, which require locking (extra, confusing code).  If I need
to pass complex data types, I juse WDDX.  I no longer have issues of users
getting mixed up (knock on wood), whether its a clustered server environ, or
single server.

H.


> -Original Message-
> From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 2:08 PM
> To:   CF-Talk
> Subject:  Re: Client Variables - Serious Problem
> 
> Well, I am storing them in the DB...  I think I am missing something on
> Client Variables .. (which I hang my head :)
> 
> Should I be keeping the key CFID associated with the memberID in the db?
> 
> Paul Giesenhagen
> QuillDesign
> 
> - Original Message -
> From: "Matt Robertson" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 4:03 PM
> Subject: Re: Client Variables - Serious Problem
> 
> 
> > While the symptoms Paul described are indeed similar to a failure to
> lock
> a session variable, listen to Ray and remember his level of
> involvement/expertise with CF.  Since client vars are stored in a
> database,
> a special mini-db in the registry or cookies, you have no shared memory
> issues or race condition issues and no need to lock.  None.  Zilch.
> Bupkus.
> >
> > Now, with that said, Paul how are you storing those self-same cvars, and
> how are you keeping track of your key pair?  This problem is unusual
> indeed.
> >
> > ---
> >  Matt Robertson, [EMAIL PROTECTED]
> >  MSB Designs, Inc. http://mysecretbase.com
> > ---
> >
> >
> > -- Original Message --
> > From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > date: Thu, 30 Jan 2003 15:51:55 -0600
> >
> > >Gel,
> > >
> > >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was
> part
> > >of the development of CF ..:)
> > >
> > >Paul Giesenhagen
> > >QuillDesign
> > >
> > >- Original Message -
> > >From: "Angel Stewart" <[EMAIL PROTECTED]>
> > >To: "CF-Talk" <[EMAIL PROTECTED]>
> > >Sent: Thursday, January 30, 2003 3:45 PM
> > >Subject: RE: Client Variables - Serious Problem
> > >
> > >
> > >> *folds arms*
> > >> Oh yes you do!
> > >>
> > >> When you set them and read them!
> > >>
> > >> -Gel
> > >>
> > >>
> > >> -Original Message-
> > >> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
> > >>
> > >> Um, no, you don't.
> > >>
> > >>
> > >
> > 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Barney Boisvert

It's worth mentioning that with framesets in particular it is possible to
have multiple requests from the client running at the same time.  This can
cause problems with the way that client variables work (at least as I
understand it).

A normal request goes like this:
1) CF reads the client variables from somehwere (cookie, db, whatever)
2) CF sets the client variables into a 'scope' that is analogous to the
request scope
3) the request processes
4) CF copies the client variables from the client 'scope' back into
somewhere.

No big deal there, unless you get a second request (b) that arrives at the
server before the first request (a) is finished.  It won't have access to
any values that the first request set, because they haven't been written
back to the database yet.  You get a timeline like this:

a1 read
a2 set
b1 read
b2 set
a3 process
a4 write
b3 process
b4 write

Thus request b can overwrite any variable set by request a, and no one will
ever know.  If anyone cares to prove me incorrect, I'd LOVE to hear it.
Definitely set my mind at ease.

barneyb

> -Original Message-
> From: Owens, Howard [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 1:49 PM
> To: CF-Talk
> Subject: RE: Client Variables - Serious Problem
>
>
> You don't have to lock client variables ... why?  Because the tracking
> mechanism is more physical than virtual, is the best way I can
> think to put
> it.
>
> With session variables, the tracking mech is stored in the servers memory,
> and the mem can get confused with all of those concurrent users.
>
> With client vars, they are stored either in the registery, a db,
> or cookies.
> This puts each cfid/token pair in it's own little sandbox, as it
> were.  The
> client's browser (which isn't going to have any sharing/concurrent users)
> does the job of remembering what its own cfid/token pair is.  The
> browser is
> really doing all the heavy lifting, which is why they are called client
> variables.  However, since I've learned the hard way that the
> browser has a
> tendency to drop the ball (possibly because of user configurations), it's
> necessary explicitly pass URLTOKENS, set client cookies and
> properly set up
> your CFApp tag (see previous post).
>
> I'm with Camden on this one. No you don't lock client vars.
>
> H.
>
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

Well, I am storing them in the DB...  I think I am missing something on
Client Variables .. (which I hang my head :)

Should I be keeping the key CFID associated with the memberID in the db?

Paul Giesenhagen
QuillDesign

- Original Message -
From: "Matt Robertson" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 4:03 PM
Subject: Re: Client Variables - Serious Problem


> While the symptoms Paul described are indeed similar to a failure to lock
a session variable, listen to Ray and remember his level of
involvement/expertise with CF.  Since client vars are stored in a database,
a special mini-db in the registry or cookies, you have no shared memory
issues or race condition issues and no need to lock.  None.  Zilch.  Bupkus.
>
> Now, with that said, Paul how are you storing those self-same cvars, and
how are you keeping track of your key pair?  This problem is unusual indeed.
>
> ---
>  Matt Robertson, [EMAIL PROTECTED]
>  MSB Designs, Inc. http://mysecretbase.com
> ---
>
>
> -- Original Message --
> From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> date: Thu, 30 Jan 2003 15:51:55 -0600
>
> >Gel,
> >
> >Sorry, I know you don't lock'm ... but also keep in mind, Raymond was
part
> >of the development of CF ..:)
> >
> >Paul Giesenhagen
> >QuillDesign
> >
> >- Original Message -
> >From: "Angel Stewart" <[EMAIL PROTECTED]>
> >To: "CF-Talk" <[EMAIL PROTECTED]>
> >Sent: Thursday, January 30, 2003 3:45 PM
> >Subject: RE: Client Variables - Serious Problem
> >
> >
> >> *folds arms*
> >> Oh yes you do!
> >>
> >> When you set them and read them!
> >>
> >> -Gel
> >>
> >>
> >> -Original Message-
> >> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
> >>
> >> Um, no, you don't.
> >>
> >>
> >
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

2003-01-30 Thread Matt Robertson

While the symptoms Paul described are indeed similar to a failure to lock a session 
variable, listen to Ray and remember his level of involvement/expertise with CF.  
Since client vars are stored in a database, a special mini-db in the registry or 
cookies, you have no shared memory issues or race condition issues and no need to 
lock.  None.  Zilch.  Bupkus.

Now, with that said, Paul how are you storing those self-same cvars, and how are you 
keeping track of your key pair?  This problem is unusual indeed.

---
 Matt Robertson, [EMAIL PROTECTED]
 MSB Designs, Inc. http://mysecretbase.com
---


-- Original Message --
From: "Paul Giesenhagen" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
date: Thu, 30 Jan 2003 15:51:55 -0600

>Gel,
>
>Sorry, I know you don't lock'm ... but also keep in mind, Raymond was part
>of the development of CF ..:)
>
>Paul Giesenhagen
>QuillDesign
>
>- Original Message -
>From: "Angel Stewart" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Thursday, January 30, 2003 3:45 PM
>Subject: RE: Client Variables - Serious Problem
>
>
>> *folds arms*
>> Oh yes you do!
>>
>> When you set them and read them!
>>
>> -Gel
>>
>>
>> -Original Message-
>> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
>>
>> Um, no, you don't.
>>
>> 
>
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Angel Stewart

*nervous chuckle*
Oh..well gee...
I was just taking my own advice and reading the archives and I see that
you need to lock the application and session scope..but not necessarily
the client or Request scopes..

Heh..

0_0

Whoops!

*nervous laugh*
Ooookiees...no muffins for me huh?

Bad Gel..Bad bad bad gel.

*sneaks back to cfcommunity list*

-Gel


-Original Message-
From: Angel Stewart [mailto:[EMAIL PROTECTED]] 

*folds arms*
Oh yes you do!

When you set them and read them!

-Gel

-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]] 

Um, no, you don't.

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

You don't have to lock client variables ... why?  Because the tracking
mechanism is more physical than virtual, is the best way I can think to put
it.

With session variables, the tracking mech is stored in the servers memory,
and the mem can get confused with all of those concurrent users.

With client vars, they are stored either in the registery, a db, or cookies.
This puts each cfid/token pair in it's own little sandbox, as it were.  The
client's browser (which isn't going to have any sharing/concurrent users)
does the job of remembering what its own cfid/token pair is.  The browser is
really doing all the heavy lifting, which is why they are called client
variables.  However, since I've learned the hard way that the browser has a
tendency to drop the ball (possibly because of user configurations), it's
necessary explicitly pass URLTOKENS, set client cookies and properly set up
your CFApp tag (see previous post).

I'm with Camden on this one. No you don't lock client vars.

H.

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Matthew Small

Actually, before this turns into an all-out flame war, I think that
Angel should find a post in the archives about correct locking practices
where it says to lock client variables.

Matthew Small
IT Supervisor
Showstopper National Dance Competitions
3660 Old Kings Hwy 
Murrells Inlet, SC 29576
843-357-1847
http://www.showstopperonline.com

-Original Message-
From: Angel Stewart [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 30, 2003 4:46 PM
To: CF-Talk
Subject: RE: Client Variables - Serious Problem

*folds arms*
Oh yes you do!

When you set them and read them!

-Gel


-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]] 

Um, no, you don't.


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

Gel,

Sorry, I know you don't lock'm ... but also keep in mind, Raymond was part
of the development of CF ..:)

Paul Giesenhagen
QuillDesign

- Original Message -
From: "Angel Stewart" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 3:45 PM
Subject: RE: Client Variables - Serious Problem


> *folds arms*
> Oh yes you do!
>
> When you set them and read them!
>
> -Gel
>
>
> -Original Message-
> From: Raymond Camden [mailto:[EMAIL PROTECTED]]
>
> Um, no, you don't.
>
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

so ray.

if you don't, why in god's name would paul
be having that problem?

...tony

Tony Weeg
Senior Web Developer
UnCertified Advanced ColdFusion Developer
Information System Design
Navtrak, Inc.
Mobile workforce monitoring, mapping & reporting
www.navtrak.net
410.548.2337 

-Original Message-
From: Angel Stewart [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 30, 2003 4:46 PM
To: CF-Talk
Subject: RE: Client Variables - Serious Problem


*folds arms*
Oh yes you do!

When you set them and read them!

-Gel


-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]] 

Um, no, you don't.


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Angel Stewart

*folds arms*
Oh yes you do!

When you set them and read them!

-Gel


-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]] 

Um, no, you don't.

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

Currently I pass every link like this:

Link

I will try your suggestion.

NOTE: I just recieved an email from a user who said someone knew all their
personal information ... sooo this is looking like a huge problem.

Thank you
Paul Giesenhagen
QuillDesign

- Original Message -
From: "Owens, Howard" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 3:31 PM
Subject: RE: Client Variables - Serious Problem


> Paul:
>
> Are you on a cluster of servers?
>
> Also, how are you tracking CFID, CFTOKEN.
>
> I've found for the most stable success, I need to appened
#client.URLTOKEN#
> to every URL, including those passed in FORMS, and I also got better
results
> by dropping this on my Application.cfm page (at the suggestion of a list
> member):
>
>  clientmanagement="yes"
>setclientcookies="yes"
> clientstorage="dbClientVars"
> SETDOMAINCOOKIES="true">
>
> followed by
>
> 
> 
>
> Hope this helps.
>
> H.
>
>
> > -Original Message-
> > From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 1:08 PM
> > To: CF-Talk
> > Subject: Client Variables - Serious Problem
> >
> > Question:
> >
> > I am using client variables to login users and keep their information
> > while roaming the site.  The problem is I just went into the site and it
> > had me logged as another user of the site... Below is the code I am
using
> > to login in a user  I haven't used the client variables alot so if
you
> > see something I am doing wrong, please enlighten.
> >
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >
> >
> >
> > 
> >
> > 
> >  
> > 
> > 
> > 
> > 
> >
> > When I opened my browser and went to the site, It thought i was a
> > different user ... how could something like this have happened??
> >
> > Any help or if you all need more information, please let me konw.
> >
> > (Win2K, CF5 - Single Machine)
> >
> > Thank you
> > Paul Giesenhagen
> > QuillDesign
> >
> >
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

ok dave watts, again, we need the gavel on this
one, whats the real answer

...tony

Tony Weeg
Senior Web Developer
UnCertified Advanced ColdFusion Developer
Information System Design
Navtrak, Inc.
Mobile workforce monitoring, mapping & reporting
www.navtrak.net
410.548.2337 

-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 30, 2003 4:38 PM
To: CF-Talk
Subject: RE: Client Variables - Serious Problem


Um, no, you don't.

===
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc

Email: [EMAIL PROTECTED]
WWW  : www.camdenfamily.com/morpheus
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -Original Message-
> From: Angel Stewart [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, January 30, 2003 3:34 PM
> To: CF-Talk
> Subject: RE: Client Variables - Serious Problem
> 
> 
> You do need to lock the client variables when you set them.
> 
> Check back in the Archives for the CF=Talk list. There have 
> been extensive discussions about correct locking practices. 
> 
> You DO need to lock them :)
> 
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=2534.2422.4



~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

for real?

so I was right!

H!
really?

wow, that would be cool.  tony, the evil tony was right.

...tony

Tony Weeg
Senior Web Developer
UnCertified Advanced ColdFusion Developer
Information System Design
Navtrak, Inc.
Mobile workforce monitoring, mapping & reporting
www.navtrak.net
410.548.2337 

-Original Message-
From: Angel Stewart [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 30, 2003 4:34 PM
To: CF-Talk
Subject: RE: Client Variables - Serious Problem


You do need to lock the client variables when you set them.

Check back in the Archives for the CF=Talk list. There have been
extensive discussions about correct locking practices. 

You DO need to lock them :)

-Gel




~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

well, it was also my understanding
that cf managed those variables, cookies
and cfid'sso who knows...i bet
ray and some others do, don't listen to me
today, im the other tony, not the one who
knows cold fusion.

...tony

Tony Weeg
Senior Web Developer
UnCertified Advanced ColdFusion Developer
Information System Design
Navtrak, Inc.
Mobile workforce monitoring, mapping & reporting
www.navtrak.net
410.548.2337 

-Original Message-
From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 30, 2003 4:33 PM
To: CF-Talk
Subject: Re: Client Variables - Serious Problem


So, do you see anything wrong  I don't think this is a mixup on one
record ... I have recieved a few emails that led me to believe that
other
users on the website are also having these issues.

Paul Giesenhagen
QuillDesign

- Original Message -
From: "Raymond Camden" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 3:18 PM
Subject: RE: Client Variables - Serious Problem


> Woah - you do not need to lock client variable access - and even if
you
> were to use a lock, the Server scope lock is defintely not the right
one
> to use.
>
>
===
> Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
>
> Email: [EMAIL PROTECTED]
> WWW  : www.camdenfamily.com/morpheus
> Yahoo IM : morpheus
>
> "My ally is the Force, and a powerful ally it is." - Yoda
>
> > -Original Message-
> > From: Tony Weeg [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 3:15 PM
> > To: CF-Talk
> > Subject: RE: Client Variables - Serious Problem
> >
> >
> > paul, paul, paulits a locking issue my friend.
> >
> > client scope is something that should be locked (from what I
> > remember.)
> >
> > do this...
> >
> > 
> >
> >  > output="client.member">
> >
> > 
> >
> > and then this...
> >
> > 
> >
> > 
> >  
> >  > DeleteClientVariable("location")> 
> >  
> >
> > 
> >
> > I think this may help you ;)
> >
> > ...tony
> >
> > Tony Weeg
> > Senior Web Developer
> > UnCertified Advanced ColdFusion Developer
> > Information System Design
> > Navtrak, Inc.
> > Mobile workforce monitoring, mapping & reporting
> > www.navtrak.net 410.548.2337
> >
> > -Original Message-
> > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 4:08 PM
> > To: CF-Talk
> > Subject: Client Variables - Serious Problem
> >
> >
> > Question:
> >
> > I am using client variables to login users and keep their
> > information while roaming the site.  The problem is I just
> > went into the site and it had me logged as another user of
> > the site... Below is the code I am using to login in a
> > user  I haven't used the client variables alot so if you
> > see something I am doing wrong, please enlighten.
> >
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >
> >
> >
> > 
> >
> > 
> >  
> >  > DeleteClientVariable("location")> 
> >  
> >
> > When I opened my browser and went to the site, It thought i
> > was a different user ... how could something like this have
happened??
> >
> > Any help or if you all need more information, please let me konw.
> >
> > (Win2K, CF5 - Single Machine)
> >
> > Thank you
> > Paul Giesenhagen
> > QuillDesign
> >
> >
> >
> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Raymond Camden

Um, no, you don't.

===
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc

Email: [EMAIL PROTECTED]
WWW  : www.camdenfamily.com/morpheus
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -Original Message-
> From: Angel Stewart [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, January 30, 2003 3:34 PM
> To: CF-Talk
> Subject: RE: Client Variables - Serious Problem
> 
> 
> You do need to lock the client variables when you set them.
> 
> Check back in the Archives for the CF=Talk list. There have 
> been extensive discussions about correct locking practices. 
> 
> You DO need to lock them :)
> 
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=2534.2422.4


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

Paul:

Are you on a cluster of servers?

Also, how are you tracking CFID, CFTOKEN.

I've found for the most stable success, I need to appened #client.URLTOKEN#
to every URL, including those passed in FORMS, and I also got better results
by dropping this on my Application.cfm page (at the suggestion of a list
member):



followed by




Hope this helps.

H.


> -Original Message-
> From: Paul Giesenhagen [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 1:08 PM
> To:   CF-Talk
> Subject:  Client Variables - Serious Problem
> 
> Question:
> 
> I am using client variables to login users and keep their information
> while roaming the site.  The problem is I just went into the site and it
> had me logged as another user of the site... Below is the code I am using
> to login in a user  I haven't used the client variables alot so if you
> see something I am doing wrong, please enlighten.  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  
> 
> 
> 
> 
> 
> When I opened my browser and went to the site, It thought i was a
> different user ... how could something like this have happened??
> 
> Any help or if you all need more information, please let me konw.
> 
> (Win2K, CF5 - Single Machine)
> 
> Thank you
> Paul Giesenhagen
> QuillDesign
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

2003-01-30 Thread Angel Stewart

You do need to lock the client variables when you set them.

Check back in the Archives for the CF=Talk list. There have been
extensive discussions about correct locking practices. 

You DO need to lock them :)

-Gel



~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

So, do you see anything wrong  I don't think this is a mixup on one
record ... I have recieved a few emails that led me to believe that other
users on the website are also having these issues.

Paul Giesenhagen
QuillDesign

- Original Message -
From: "Raymond Camden" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 3:18 PM
Subject: RE: Client Variables - Serious Problem


> Woah - you do not need to lock client variable access - and even if you
> were to use a lock, the Server scope lock is defintely not the right one
> to use.
>
> ===
> Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
>
> Email: [EMAIL PROTECTED]
> WWW  : www.camdenfamily.com/morpheus
> Yahoo IM : morpheus
>
> "My ally is the Force, and a powerful ally it is." - Yoda
>
> > -Original Message-
> > From: Tony Weeg [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 3:15 PM
> > To: CF-Talk
> > Subject: RE: Client Variables - Serious Problem
> >
> >
> > paul, paul, paulits a locking issue my friend.
> >
> > client scope is something that should be locked (from what I
> > remember.)
> >
> > do this...
> >
> > 
> >
> >  > output="client.member">
> >
> > 
> >
> > and then this...
> >
> > 
> >
> > 
> >  
> >  > DeleteClientVariable("location")> 
> >  
> >
> > 
> >
> > I think this may help you ;)
> >
> > ...tony
> >
> > Tony Weeg
> > Senior Web Developer
> > UnCertified Advanced ColdFusion Developer
> > Information System Design
> > Navtrak, Inc.
> > Mobile workforce monitoring, mapping & reporting
> > www.navtrak.net 410.548.2337
> >
> > -Original Message-
> > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 4:08 PM
> > To: CF-Talk
> > Subject: Client Variables - Serious Problem
> >
> >
> > Question:
> >
> > I am using client variables to login users and keep their
> > information while roaming the site.  The problem is I just
> > went into the site and it had me logged as another user of
> > the site... Below is the code I am using to login in a
> > user  I haven't used the client variables alot so if you
> > see something I am doing wrong, please enlighten.
> >
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >
> >
> >
> > 
> >
> > 
> >  
> >  > DeleteClientVariable("location")> 
> >  
> >
> > When I opened my browser and went to the site, It thought i
> > was a different user ... how could something like this have happened??
> >
> > Any help or if you all need more information, please let me konw.
> >
> > (Win2K, CF5 - Single Machine)
> >
> > Thank you
> > Paul Giesenhagen
> > QuillDesign
> >
> >
> >
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Client Variables - Serious Problem

Could it have anything to do with CFID, CFTOKEN?  Are you supposed to track
that with the cookies ...?!

Paul Giesenhagen
QuillDesign

- Original Message -
From: "Raymond Camden" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 3:18 PM
Subject: RE: Client Variables - Serious Problem


> Woah - you do not need to lock client variable access - and even if you
> were to use a lock, the Server scope lock is defintely not the right one
> to use.
>
> ===
> Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
>
> Email: [EMAIL PROTECTED]
> WWW  : www.camdenfamily.com/morpheus
> Yahoo IM : morpheus
>
> "My ally is the Force, and a powerful ally it is." - Yoda
>
> > -Original Message-
> > From: Tony Weeg [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 3:15 PM
> > To: CF-Talk
> > Subject: RE: Client Variables - Serious Problem
> >
> >
> > paul, paul, paulits a locking issue my friend.
> >
> > client scope is something that should be locked (from what I
> > remember.)
> >
> > do this...
> >
> > 
> >
> >  > output="client.member">
> >
> > 
> >
> > and then this...
> >
> > 
> >
> > 
> >  
> >  > DeleteClientVariable("location")> 
> >  
> >
> > 
> >
> > I think this may help you ;)
> >
> > ...tony
> >
> > Tony Weeg
> > Senior Web Developer
> > UnCertified Advanced ColdFusion Developer
> > Information System Design
> > Navtrak, Inc.
> > Mobile workforce monitoring, mapping & reporting
> > www.navtrak.net 410.548.2337
> >
> > -Original Message-
> > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 30, 2003 4:08 PM
> > To: CF-Talk
> > Subject: Client Variables - Serious Problem
> >
> >
> > Question:
> >
> > I am using client variables to login users and keep their
> > information while roaming the site.  The problem is I just
> > went into the site and it had me logged as another user of
> > the site... Below is the code I am using to login in a
> > user  I haven't used the client variables alot so if you
> > see something I am doing wrong, please enlighten.
> >
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >
> >
> >
> > 
> >
> > 
> >  
> >  > DeleteClientVariable("location")> 
> >  
> >
> > When I opened my browser and went to the site, It thought i
> > was a different user ... how could something like this have happened??
> >
> > Any help or if you all need more information, please let me konw.
> >
> > (Win2K, CF5 - Single Machine)
> >
> > Thank you
> > Paul Giesenhagen
> > QuillDesign
> >
> >
> >
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem

coool thing :) I just looked at the code
I have, on our site, that uses client vars
and I don't lock it, musta been the other Tony Weeg
that typed that last email, BAD other personality!
BAD BAD BAD

...tony

Tony Weeg
Senior Web Developer
UnCertified Advanced ColdFusion Developer
Information System Design
Navtrak, Inc.
Mobile workforce monitoring, mapping & reporting
www.navtrak.net
410.548.2337 

-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 30, 2003 4:18 PM
To: CF-Talk
Subject: RE: Client Variables - Serious Problem


Woah - you do not need to lock client variable access - and even if you
were to use a lock, the Server scope lock is defintely not the right one
to use.

===
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc

Email: [EMAIL PROTECTED]
WWW  : www.camdenfamily.com/morpheus
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -Original Message-
> From: Tony Weeg [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, January 30, 2003 3:15 PM
> To: CF-Talk
> Subject: RE: Client Variables - Serious Problem
> 
> 
> paul, paul, paulits a locking issue my friend.
> 
> client scope is something that should be locked (from what I 
> remember.)
> 
> do this...
> 
> 
> 
>output="client.member">
> 
> 
> 
> and then this...
> 
> 
> 
> 
>  
>  DeleteClientVariable("location")> 
>  
> 
> 
> 
> I think this may help you ;)
> 
> ...tony
> 
> Tony Weeg
> Senior Web Developer
> UnCertified Advanced ColdFusion Developer
> Information System Design
> Navtrak, Inc.
> Mobile workforce monitoring, mapping & reporting 
> www.navtrak.net 410.548.2337 
> 
> -Original Message-
> From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, January 30, 2003 4:08 PM
> To: CF-Talk
> Subject: Client Variables - Serious Problem
> 
> 
> Question:
> 
> I am using client variables to login users and keep their 
> information while roaming the site.  The problem is I just 
> went into the site and it had me logged as another user of 
> the site... Below is the code I am using to login in a 
> user  I haven't used the client variables alot so if you 
> see something I am doing wrong, please enlighten.  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  
>  DeleteClientVariable("location")> 
>  
> 
> When I opened my browser and went to the site, It thought i 
> was a different user ... how could something like this have happened??
> 
> Any help or if you all need more information, please let me konw.
> 
> (Win2K, CF5 - Single Machine)
> 
> Thank you
> Paul Giesenhagen
> QuillDesign
> 
> 
> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Client Variables - Serious Problem