RE: Application.cfm, Session Management, and a lot less hair!
Are you locking the seesion variables?...a test would be to switch to client variables and see if you still hget the same problem. Incedentally. If you want to maintain sessions regardless of whether the user has session level cookies swithched on or off then I'll post a bit of code which you stick in your application.cfm that will solve this. -- Andrew Ewings Project Manager Thoughtbubble Ltd http://www.thoughtbubble.net -- United Kingdom http://www.thoughtbubble.co.uk/ Tel: +44 (0) 20 7387 8890 -- New Zealand http://www.thoughtbubble.co.nz/ Tel: +64 (0) 9 488 9131 -- The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). Any views or opinions presented are solely those of the author and do not necessarily represent those of Thoughtbubble. This information may be subject to legal, professional or other privilege and further distribution of it is strictly prohibited without our authority. If you are not the intended recipient, you are not authorised to disclose, copy, distribute, or retain this message. Please notify us on +44 (0)207 387 8890. -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: 16 February 2001 14:58 To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. It is the intermittent nature of this problem that is causing me the most trouble in trying to solve it. Please note that we have never had a problem from our development machines. If anyone has any input on this problem I would really appreciate hearing from you... Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Application.cfm, Session Management, and a lot less hair!
Are these people connecting though a proxy? What browsers and browser settings are they using? What did that error message say? Can we see your application.cfm file from the app.? What settings are in their ColdFusion Administrator (as far as variable storage ans application/session timeouts)? Anything "special" about their server's configuration? Is this on an http or https socket? These are the questions that immediately pop into my mind here. ~Simon Simon Horwith Allaire Certified Instructor Certified ColdFusion Developer Fig Leaf Software 1400 16th St NW, # 220 Washington DC 20036 202.797.6570 (direct line) www.figleaf.com -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 9:58 AM To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. It is the intermittent nature of this problem that is causing me the most trouble in trying to solve it. Please note that we have never had a problem from our development machines. If anyone has any input on this problem I would really appreciate hearing from you... Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Application.cfm, Session Management, and a lot less hair!
On 2/16/01 9:58 AM Ken McInnes wrote: Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. Does this client have cookies disabled? If so, have them turn them on or start rewriting your code so that all links pass the #urltoken# variable. The session management in CF requires either cookies or the #urltoken#. Good luck. - Sean ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Application.cfm, Session Management, and a lot less hair!
HI Andy, Thanks that would be great...I had seen some code using tokens,etc. but I could not make it work!! Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 -Original Message- From: Andy Ewings [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 7:57 AM To: CF-Talk Subject: RE: Application.cfm, Session Management, and a lot less hair! Are you locking the seesion variables?...a test would be to switch to client variables and see if you still hget the same problem. Incedentally. If you want to maintain sessions regardless of whether the user has session level cookies swithched on or off then I'll post a bit of code which you stick in your application.cfm that will solve this. -- Andrew Ewings Project Manager Thoughtbubble Ltd http://www.thoughtbubble.net -- United Kingdom http://www.thoughtbubble.co.uk/ Tel: +44 (0) 20 7387 8890 -- New Zealand http://www.thoughtbubble.co.nz/ Tel: +64 (0) 9 488 9131 -- The information in this email and in any attachments is confidential and intended solely for the attention and use of the named addressee(s). Any views or opinions presented are solely those of the author and do not necessarily represent those of Thoughtbubble. This information may be subject to legal, professional or other privilege and further distribution of it is strictly prohibited without our authority. If you are not the intended recipient, you are not authorised to disclose, copy, distribute, or retain this message. Please notify us on +44 (0)207 387 8890. -Original Message- From: Ken McInnes [mailto:[EMAIL PROTECTED]] Sent: 16 February 2001 14:58 To: CF-Talk Subject: Application.cfm, Session Management, and a lot less hair! Good Morning (Evening) Everyone, Okay this problem has me completely baffled. We have an administration module for a client with a login page that sets some session permissions. Subsequent pages then look for the appropriate permission using CFApplication. Everything works fine on our end but when we implemented on the client site they cannot get into the administration module...very secure but useless! ;-) I have supplied the error they are getting and the CFApplication tag. The only way I have been able to replicate the error is by disabling the browser's ability to accept cookies on our internal network. This then causes Cold Fusion to throw the error. I have tried it on a number of different machines that we test on and the Cold Fusion application worked on all of them. However, when I try the application on some machines external to our network they almost always fail but some do allow access to the administrator module. They have been set to accept cookies so that doesn't seem to be the problem. It is the intermittent nature of this problem that is causing me the most trouble in trying to solve it. Please note that we have never had a problem from our development machines. If anyone has any input on this problem I would really appreciate hearing from you... Ken Ken McInnes e-Business Architect CSystems Consulting 1021 B 18th Street South Lethbridge, ABCanada T1K 2A2 Email: [EMAIL PROTECTED] Web Site: http://www.csystems.ab.ca (temporarily unavailable) Phone: 403.394.5116 Fax:403.381.6868 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Application.cfm, Session Management, and a lot less hair!
Ken
This is the code I use for client variables (just replace client. with
session.):
!---Ensure session is maintained regarless of cookies being on or off ---
cfif NOT ISDEFINED("Client.rollCount")
cfset Client.rollCount = 1
!--- Try to set a cookie for testing later ---
cfcookie name="isOn" value="testing"
!--- These 2 variables are used in Java applet instead of addtoken
---
!--- This sets addtoken ---
cfset application.addtoken =
"cfid=#client.cfid#cftoken=#client.cftoken#"
cfelse
!--- If cookies are not on then make a query string ---
cfset application.addtoken = iif(not isdefined("cookie.isOn"),
DE("cfid=#client.cfid#cftoken=#client.cftoken#"), DE(""))
/cfif
!---If user closes browser end session ---
cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")
cfset cfid_local = Cookie.CFID
cfset cftoken_local = Cookie.CFTOKEN
cfcookie name="CFID" value="#cfid_local#"
cfcookie name="CFTOKEN" value="#cftoken_local#"
/cfif
You then need to append "#application.addtoken#" to the end of every
hyperlink, form posting, and cflocation in your web site. Also for
cflocation you need to set the attribute "Addtoken = No".
This will then append the CFID and CFTOKEN to the end of the url or an empty
string, depnding on whether the user has cookies turned on or not.
The second bit of code simply ensures that the session is killed when the
user closes the browser so doesn't rely on the session/client timeout
specified in the application.cfm or by the CFServer
--
Andrew Ewings
Project Manager
Thoughtbubble Ltd
http://www.thoughtbubble.net
--
United Kingdom
http://www.thoughtbubble.co.uk/
Tel: +44 (0) 20 7387 8890
--
New Zealand
http://www.thoughtbubble.co.nz/
Tel: +64 (0) 9 488 9131
--
The information in this email and in any attachments is confidential and
intended solely for the attention and use of the named addressee(s). Any
views or opinions presented are solely those of the author and do not
necessarily represent those of Thoughtbubble. This information may be
subject to legal, professional or other privilege and further distribution
of it is strictly prohibited without our authority. If you are not the
intended recipient, you are not authorised to disclose, copy, distribute, or
retain this message. Please notify us on +44 (0)207 387 8890.
-Original Message-----
From: Ken McInnes [mailto:[EMAIL PROTECTED]]
Sent: 16 February 2001 15:41
To: CF-Talk
Subject: RE: Application.cfm, Session Management, and a lot less hair!
HI Andy,
Thanks that would be great...I had seen some code using tokens,etc. but I
could not make it work!!
Ken
Ken McInnes
e-Business Architect
CSystems Consulting
1021 B 18th Street South
Lethbridge, ABCanada T1K 2A2
Email: [EMAIL PROTECTED]
Web Site: http://www.csystems.ab.ca (temporarily unavailable)
Phone: 403.394.5116
Fax: 403.381.6868
-----Original Message-
From: Andy Ewings [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 7:57 AM
To: CF-Talk
Subject: RE: Application.cfm, Session Management, and a lot less hair!
Are you locking the seesion variables?...a test would be to switch to
client variables and see if you still hget the same problem.
Incedentally. If you want to maintain sessions regardless of whether the
user has session level cookies swithched on or off then I'll post a bit of
code which you stick in your application.cfm that will solve this.
--
Andrew Ewings
Project Manager
Thoughtbubble Ltd
http://www.thoughtbubble.net
--
United Kingdom
http://www.thoughtbubble.co.uk/
Tel: +44 (0) 20 7387 8890
--
New Zealand
http://www.thoughtbubble.co.nz/
Tel: +64 (0) 9 488 9131
--
The information in this email and in any attachments is confidential and
intended solely for the attention and use of the named addressee(s). Any
views or opinions presented are solely those of the author and do not
necessarily represent those of Thoughtbubble. This information may be
subject to legal, professional or other privilege and further distribution
of it is strictly prohibited without our authority. If you are not the
intended recipient, you are not authorised to disclose, copy, distribute, or
retain this message. Please notify
