Re: Session Variable question
> > > > i Recently found that this does not work in chrome but was unable to find a reason or a solution ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343523 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session Variable question
Learn something new every day. I really hadn't thought much about how the session variables were held. I appreciate the insight that you and Dave gave me. Thanks! -Original Message- From: Jason Fisher [mailto:ja...@wanax.com] Sent: Friday, April 01, 2011 1:35 PM To: cf-talk Subject: RE: Session Variable question Like Dave said, CF / J2EE already are using cookies, but there's a difference between cookies held only in the browser (expires when browser closes) and cookies that are written to the user's HDD. If you're using session or client vars, then you're already using 1 of these, and probably both. Setting CFCOOKIE with no expiration is a browser-level cookie; no user files necessary. From: "CraigSell" Sent: Friday, April 01, 2011 2:03 PM To: "cf-talk" Subject: RE: Session Variable question I really didn't want to use any kind of cookie. I have data in the session variables I don't want compromised in any way. I was just hoping the J2EE solution would be a magic bullet. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343479 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session Variable question
Like Dave said, CF / J2EE already are using cookies, but there's a difference between cookies held only in the browser (expires when browser closes) and cookies that are written to the user's HDD. If you're using session or client vars, then you're already using 1 of these, and probably both. Setting CFCOOKIE with no expiration is a browser-level cookie; no user files necessary. From: "CraigSell" Sent: Friday, April 01, 2011 2:03 PM To: "cf-talk" Subject: RE: Session Variable question I really didn't want to use any kind of cookie. I have data in the session variables I don't want compromised in any way. I was just hoping the J2EE solution would be a magic bullet. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343478 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variable question
It's the way that CF sessions are held ... cookies with 0 expiration are held in the browser, not saved to the HDD. From: "Kelly" Sent: Friday, April 01, 2011 1:33 PM To: "cf-talk" Subject: Re: Session Variable question Not sure if that will work if he can't use cookies. :) On 4/1/2011 1:28 PM, Jason Fisher wrote: > In your Application.cfc or somewhere global like that (after session is > created), drop this in: > > > > > > > > > > By not setting an 'expires' value in CFCOOKIE, this will ensure that the > session timeout = browser close. > > > > > From: "CraigSell" > Sent: Friday, April 01, 2011 1:20 PM > To: "cf-talk" > Subject: Session Variable question > > Hi, I was doing some testing my CF pages and got a surprise. I use > Session > variables to hold certain pieces of user information. I had always > thought > session variables were unique to a browser session such that each new > browser invocation would get a new, unique session variable that would be > destroyed when the browser closed. The testing I did showed that my > assumption is false and that session variables are held across new browser > invocations. > > Then I read the docs (gasp) and find that this is the way it's supposed to > be for CF session variables and that they are cleared only when the > timeout > expires. Sigh. > > I can't have this kind of persistence. I need unique session variables > for > each browser invocation and have them cleared when the browser closes. I > can't use cookies either. > > The documentation implies that switching to J2EE session variables will > create the behavior I desire. I would give it a go but I don't have > access > to cfadmin and it's a chore to get those that do make the change. Does > anyone know if using J2EE session variables will give the desired behavior > in CFMX7 and CFMX8 environments? > > Thanks! > > Warren Koch > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343477 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variable question
> I really didn't want to use any kind of cookie. I have data in the session > variables I don't want compromised in any way. I was just hoping the J2EE > solution would be a magic bullet. Using J2EE session variables will, by default, prevent the session from persisting in the browser after the browser has been closed and reopened. So if that's all you want, you can do that. But in any case, YOU ARE ALREADY USING COOKIES. That's how both J2EE sessions and CF's "native" sessions work, by default. If you weren't using cookies, you'd have had to write enough code to keep sessions going that you wouldn't need to ask this question. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343476 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session Variable question
I really didn't want to use any kind of cookie. I have data in the session variables I don't want compromised in any way. I was just hoping the J2EE solution would be a magic bullet. -Original Message- From: Kelly [mailto:webd...@gmail.com] Sent: Friday, April 01, 2011 12:32 PM To: cf-talk Subject: Re: Session Variable question Not sure if that will work if he can't use cookies. :) On 4/1/2011 1:28 PM, Jason Fisher wrote: > In your Application.cfc or somewhere global like that (after session > is created), drop this in: > > > > > > value="cfI" /> > > > By not setting an 'expires' value in CFCOOKIE, this will ensure that > the session timeout = browser close. > > > > > From: "CraigSell" > Sent: Friday, April 01, 2011 1:20 PM > To: "cf-talk" > Subject: Session Variable question > > Hi, I was doing some testing my CF pages and got a surprise. I use > Session variables to hold certain pieces of user information. I had > always thought session variables were unique to a browser session such > that each new browser invocation would get a new, unique session > variable that would be destroyed when the browser closed. The testing > I did showed that my assumption is false and that session variables > are held across new browser invocations. > > Then I read the docs (gasp) and find that this is the way it's > supposed to be for CF session variables and that they are cleared only > when the timeout expires. Sigh. > > I can't have this kind of persistence. I need unique session > variables for each browser invocation and have them cleared when the > browser closes. I can't use cookies either. > > The documentation implies that switching to J2EE session variables > will create the behavior I desire. I would give it a go but I don't > have access to cfadmin and it's a chore to get those that do make the > change. Does anyone know if using J2EE session variables will give > the desired behavior in CFMX7 and CFMX8 environments? > > Thanks! > > Warren Koch > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343475 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variable question
Good point. On 4/1/2011 1:59 PM, Dave Watts wrote: > > Despite the original poster saying that he couldn't use cookies, he is > almost certainly using cookies already. If not, his application is > responsible for embedding the session token in every link, form > submission, server-side redirect, and JavaScript location change, and > the session would be lost when the browser is closed unless the user > specifically navigated to a previous URL with the session token > already embedded within it. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite. > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343474 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variable question
> Not sure if that will work if he can't use cookies. :) Despite the original poster saying that he couldn't use cookies, he is almost certainly using cookies already. If not, his application is responsible for embedding the session token in every link, form submission, server-side redirect, and JavaScript location change, and the session would be lost when the browser is closed unless the user specifically navigated to a previous URL with the session token already embedded within it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343473 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Session Variable question
Not sure if that will work if he can't use cookies. :) On 4/1/2011 1:28 PM, Jason Fisher wrote: > In your Application.cfc or somewhere global like that (after session is > created), drop this in: > > > > > > > > > > By not setting an 'expires' value in CFCOOKIE, this will ensure that the > session timeout = browser close. > > > > > From: "CraigSell" > Sent: Friday, April 01, 2011 1:20 PM > To: "cf-talk" > Subject: Session Variable question > > Hi, I was doing some testing my CF pages and got a surprise. I use > Session > variables to hold certain pieces of user information. I had always > thought > session variables were unique to a browser session such that each new > browser invocation would get a new, unique session variable that would be > destroyed when the browser closed. The testing I did showed that my > assumption is false and that session variables are held across new browser > invocations. > > Then I read the docs (gasp) and find that this is the way it's supposed to > be for CF session variables and that they are cleared only when the > timeout > expires. Sigh. > > I can't have this kind of persistence. I need unique session variables > for > each browser invocation and have them cleared when the browser closes. I > can't use cookies either. > > The documentation implies that switching to J2EE session variables will > create the behavior I desire. I would give it a go but I don't have > access > to cfadmin and it's a chore to get those that do make the change. Does > anyone know if using J2EE session variables will give the desired behavior > in CFMX7 and CFMX8 environments? > > Thanks! > > Warren Koch > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343472 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
re: Session Variable question
In your Application.cfc or somewhere global like that (after session is created), drop this in: By not setting an 'expires' value in CFCOOKIE, this will ensure that the session timeout = browser close. From: "CraigSell" Sent: Friday, April 01, 2011 1:20 PM To: "cf-talk" Subject: Session Variable question Hi, I was doing some testing my CF pages and got a surprise. I use Session variables to hold certain pieces of user information. I had always thought session variables were unique to a browser session such that each new browser invocation would get a new, unique session variable that would be destroyed when the browser closed. The testing I did showed that my assumption is false and that session variables are held across new browser invocations. Then I read the docs (gasp) and find that this is the way it's supposed to be for CF session variables and that they are cleared only when the timeout expires. Sigh. I can't have this kind of persistence. I need unique session variables for each browser invocation and have them cleared when the browser closes. I can't use cookies either. The documentation implies that switching to J2EE session variables will create the behavior I desire. I would give it a go but I don't have access to cfadmin and it's a chore to get those that do make the change. Does anyone know if using J2EE session variables will give the desired behavior in CFMX7 and CFMX8 environments? Thanks! Warren Koch ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343471 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Session variable question
> Any app can fail under load. I guess I think it's not > appropriate to make blanket statements about the technique. > Certainly an app using a small amount of session data, but > with a large amount of users, is, roughly, equiavalent to > a small amount of users and large session strcutures. (Ok, > maybe not equivalent, but you get the idea.) Under that > kind of thinking, my original warning about a large > structure would apply then. You could make the same argument about locking! And yet, we make blanket statements about that all the time. (I'm being a bit facetious here, you know - please don't take this literally.) The specific applications in question failed under the amount of load that they had to support, when coded using this technique, and didn't when the code was revised to eliminate the copying of structures back and forth. These applications were relatively typical of our production work. Thus, my caveat. I think that, generally, you'd be better off simply putting the necessary locks in your code, rather than trying to "cheat" - which, after all, is all this "technique" really is: a way to avoid putting locks in your code. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Any app can fail under load. I guess I think it's not appropriate to make blanket statements about the technique. Certainly an app using a small amount of session data, but with a large amount of users, is, roughly, equiavalent to a small amount of users and large session strcutures. (Ok, maybe not equivalent, but you get the idea.) Under that kind of thinking, my original warning about a large structure would apply then. (Just my 2 cents.) === Raymond Camden, Principal Spectra Compliance Engineer for Macromedia Email: [EMAIL PROTECTED] Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Dave Watts [mailto:[EMAIL PROTECTED]] > Sent: Saturday, April 27, 2002 4:08 PM > To: CF-Talk > Subject: RE: Session variable question > > > > Who said it was terribly inefficient? Sure, if your session > > scope contains 500 variables, it's probably a bad idea to > > always copy it, but I think that for _normal_ usage, doing > > a request.session = duplicate(session) (within a cflock of > > course ;) will not be harmful at all. > > I think I've said it's terribly inefficient, or words to that > effect. On > more than one occasion, this approach has failed spectacularly within > production applications under load testing, in my experience. Beware. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > voice: (202) 797-5496 > fax: (202) 797-5444 > > __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
> Who said it was terribly inefficient? Sure, if your session > scope contains 500 variables, it's probably a bad idea to > always copy it, but I think that for _normal_ usage, doing > a request.session = duplicate(session) (within a cflock of > course ;) will not be harmful at all. I think I've said it's terribly inefficient, or words to that effect. On more than one occasion, this approach has failed spectacularly within production applications under load testing, in my experience. Beware. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Thanks Ray, aahh, thatÂ’s better, I had my cflock mail for 2day __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Who said it was terribly inefficient? Sure, if your session scope contains 500 variables, it's probably a bad idea to always copy it, but I think that for _normal_ usage, doing a request.session = duplicate(session) (within a cflock of course ;) will not be harmful at all. === Raymond Camden, Principal Spectra Compliance Engineer for Macromedia Email: [EMAIL PROTECTED] Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -Original Message- > From: Robert Everland [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 23, 2002 12:23 PM > To: CF-Talk > Subject: RE: Session variable question > > > Ok let me ask this, I know it is terribly inefficient to copy > your session > variables to variables, or request scope if it is a complex > variable, but > what if it is something like sesison.firstname > session.lastname kind of > thing. Would this be inefficient or not? Just curious becuase > I usually > don't have complex variables and I don't know if this has > been explained > completely the difference between copying non complex and > complex variables. > > Robert Everland III > Dixon Ticonderoga > Web Developer Extraordinaire > __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Ok let me ask this, I know it is terribly inefficient to copy your session variables to variables, or request scope if it is a complex variable, but what if it is something like sesison.firstname session.lastname kind of thing. Would this be inefficient or not? Just curious becuase I usually don't have complex variables and I don't know if this has been explained completely the difference between copying non complex and complex variables. Robert Everland III Dixon Ticonderoga Web Developer Extraordinaire -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 12:18 PM To: CF-Talk Subject: RE: Session variable question > Ok, this leads me to another question about locking, If I'm > doing a check > for a session variable, like say something like > > add some code > > > should I have read only locks on pieces of code like that? we do have > certain features that we look for a particular user via a > session variable. > I'm wondering if I should lock all those too, or would that > be overkill? > Yes. Repeat after me... If I type session - I type lock. If I type application - I type lock. If I type server - I type lock. === Raymond Camden, Principal Spectra Compliance Engineer for Macromedia Email: [EMAIL PROTECTED] Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
I think you forgot one line - If I type evaluate - I shoot myself. -Original Message- From: Raymond Camden [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 12:18 PM To: CF-Talk Subject: RE: Session variable question > Ok, this leads me to another question about locking, If I'm > doing a check > for a session variable, like say something like > > add some code > > > should I have read only locks on pieces of code like that? we do have > certain features that we look for a particular user via a > session variable. > I'm wondering if I should lock all those too, or would that > be overkill? > Yes. Repeat after me... If I type session - I type lock. If I type application - I type lock. If I type server - I type lock. === Raymond Camden, Principal Spectra Compliance Engineer for Macromedia Email: [EMAIL PROTECTED] Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
> Ok, this leads me to another question about locking, If I'm > doing a check > for a session variable, like say something like > > add some code > > > should I have read only locks on pieces of code like that? we do have > certain features that we look for a particular user via a > session variable. > I'm wondering if I should lock all those too, or would that > be overkill? > Yes. Repeat after me... If I type session - I type lock. If I type application - I type lock. If I type server - I type lock. === Raymond Camden, Principal Spectra Compliance Engineer for Macromedia Email: [EMAIL PROTECTED] Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Not sure if anyone else has suggested this but try having the two users delete their cookies. They may have the same session ids. -Original Message- From: Ben Densmore [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 10:58 AM To: CF-Talk Subject: Session variable question I have seen this asked in the cf forums on macromedias site but don't see a clear answer so hopefully someone here can give me a clue. We have an order entry app running internally. I have 2 people that are in our sales dept that keep turning into one another while logged in. An example is, salesman A will be logged in and have administrative rights while salesman B will be logged in on another machine, doesn't have admin rights, but all of a sudden salesman B will have access to all the Admin stuff and be logged in as salesman A. One other weird thing is if salesman A logs out, it kills the session for salesman B. All session variables have been locked when they are created. The only thing I can think that might be happening is that the cfid and cftoken for these 2 guys are the same? we have about 25 people using this system and only these 2 people have this problem. If someone could give me an idea of what's going on I would really appreciate it. Thanks, Ben Densmore __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Session variable question
Yes, you would want to lock it with readonly ... but I would recommend setting your session variables to local variables at the top of the page so you only have to lock them once. THEN add some code Paul Giesenhagen QuillDesign http://www.quilldesign.com SiteDirector v2.0 - Commerce Builder > Ok, this leads me to another question about locking, If I'm doing a check > for a session variable, like say something like > > add some code > > > should I have read only locks on pieces of code like that? we do have > certain features that we look for a particular user via a session variable. > I'm wondering if I should lock all those too, or would that be overkill? > > Ben > > > > > At 11:52 AM 4/23/2002, you wrote: > >Hey Ben, try running your server in single-threaded mode ... not to > >spark up the common session locking thread again, but Ben Forta states > >that it _may_ be a wash (in terms of processing time) when you compare a > >server running single-threaded vs. var & query locking, etc and as > >Dave Watts recently posted... and I paraphrase... 'everything has a > >price'. Anyhow, being the newbie that I am, I have been running a > >similar sales tool w/ about 100 users and I have yet to turn off single > >threading. But, the general consensus is LOCK EVERYTHING ALWAYS. Of > >course, you say "all vars are locked"... Final thought, when I was > >learning/testing cfid/cftoken I built some test fields into my login > >page to echo the id/tokens and rounded up some testers and banged away. > >It didn't break so I didn't fix it! :) > > > >Good luck, > > > >Mike > > > >Ben Densmore wrote: > > > > >There is no Proxy server, at the moment the IP addresses are static. I > > >thought maybe the machines were using the same IP Address, but they are not. > > > > > >Ben > > > > > > > > >At 11:14 AM 4/23/2002, you wrote: > > > > > >>are they running behind a proxy sever? it's entirely possible that they > > >>appear to be coming from the same IP address, confusing the server. > > >> > > > > > > > __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Session variable question
Ok, this leads me to another question about locking, If I'm doing a check for a session variable, like say something like add some code should I have read only locks on pieces of code like that? we do have certain features that we look for a particular user via a session variable. I'm wondering if I should lock all those too, or would that be overkill? Ben At 11:52 AM 4/23/2002, you wrote: >Hey Ben, try running your server in single-threaded mode ... not to >spark up the common session locking thread again, but Ben Forta states >that it _may_ be a wash (in terms of processing time) when you compare a >server running single-threaded vs. var & query locking, etc and as >Dave Watts recently posted... and I paraphrase... 'everything has a >price'. Anyhow, being the newbie that I am, I have been running a >similar sales tool w/ about 100 users and I have yet to turn off single >threading. But, the general consensus is LOCK EVERYTHING ALWAYS. Of >course, you say "all vars are locked"... Final thought, when I was >learning/testing cfid/cftoken I built some test fields into my login >page to echo the id/tokens and rounded up some testers and banged away. >It didn't break so I didn't fix it! :) > >Good luck, > >Mike > >Ben Densmore wrote: > > >There is no Proxy server, at the moment the IP addresses are static. I > >thought maybe the machines were using the same IP Address, but they are not. > > > >Ben > > > > > >At 11:14 AM 4/23/2002, you wrote: > > > >>are they running behind a proxy sever? it's entirely possible that they > >>appear to be coming from the same IP address, confusing the server. > >> > > > __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Session variable question
Hey Ben, try running your server in single-threaded mode ... not to spark up the common session locking thread again, but Ben Forta states that it _may_ be a wash (in terms of processing time) when you compare a server running single-threaded vs. var & query locking, etc and as Dave Watts recently posted... and I paraphrase... 'everything has a price'. Anyhow, being the newbie that I am, I have been running a similar sales tool w/ about 100 users and I have yet to turn off single threading. But, the general consensus is LOCK EVERYTHING ALWAYS. Of course, you say "all vars are locked"... Final thought, when I was learning/testing cfid/cftoken I built some test fields into my login page to echo the id/tokens and rounded up some testers and banged away. It didn't break so I didn't fix it! :) Good luck, Mike Ben Densmore wrote: >There is no Proxy server, at the moment the IP addresses are static. I >thought maybe the machines were using the same IP Address, but they are not. > >Ben > > >At 11:14 AM 4/23/2002, you wrote: > >>are they running behind a proxy sever? it's entirely possible that they >>appear to be coming from the same IP address, confusing the server. >> __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
> are they running behind a proxy sever? it's entirely > possible that they appear to be coming from the same IP > address, confusing the server. >From CF's perspective, the fact that multiple users might share a common IP address is irrelevant. However, proxy servers can cause other problems, like improper caching. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
win2k network? check the IIS logs, see what source IPs they're coming from. christopher olive cto, vp of web development, vp it security atnet solutions, inc. 410.931.4092 http://www.atnetsolutions.com -Original Message- From: Ben Densmore [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 11:29 AM To: CF-Talk Subject: RE: Session variable question They access it via http://machinename.domain.com:portnumber port 80 is blocked internally so we run the server on a different port for people to access it via url. Ben At 11:22 AM 4/23/2002, you wrote: >how are they accessing the application? with the machine's local >(internal) name, or with www.blahblah.com (or whatever)? > >christopher olive >cto, vp of web development, vp it security >atnet solutions, inc. >410.931.4092 >http://www.atnetsolutions.com > > >-Original Message- >From: Ben Densmore [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 23, 2002 11:19 AM >To: CF-Talk >Subject: RE: Session variable question > > >There is no Proxy server, at the moment the IP addresses are static. I >thought maybe the machines were using the same IP Address, but they are not. > >Ben > > >At 11:14 AM 4/23/2002, you wrote: > >are they running behind a proxy sever? it's entirely possible that they > >appear to be coming from the same IP address, confusing the server. > > > >christopher olive > >cto, vp of web development, vp it security > >atnet solutions, inc. > >410.931.4092 > >http://www.atnetsolutions.com > > > > > >-Original Message- > >From: Ben Densmore [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, April 23, 2002 10:58 AM > >To: CF-Talk > >Subject: Session variable question > > > > > >I have seen this asked in the cf forums on macromedias site but don't see a > >clear answer so hopefully someone here can give me a clue. We have an order > >entry app running internally. I have 2 people that are in our sales dept > >that keep turning into one another while logged in. An example is, salesman > >A will be logged in and have administrative rights while salesman B will be > >logged in on another machine, doesn't have admin rights, but all of a > >sudden salesman B will have access to all the Admin stuff and be logged in > >as salesman A. One other weird thing is if salesman A logs out, it kills > >the session for salesman B. All session variables have been locked when > >they are created. The only thing I can think that might be happening is > >that the cfid and cftoken for these 2 guys are the same? we have about 25 > >people using this system and only these 2 people have this problem. If > >someone could give me an idea of what's going on I would really > appreciate it. > > > >Thanks, > >Ben Densmore > > > > > > > > > > __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
They access it via http://machinename.domain.com:portnumber port 80 is blocked internally so we run the server on a different port for people to access it via url. Ben At 11:22 AM 4/23/2002, you wrote: >how are they accessing the application? with the machine's local >(internal) name, or with www.blahblah.com (or whatever)? > >christopher olive >cto, vp of web development, vp it security >atnet solutions, inc. >410.931.4092 >http://www.atnetsolutions.com > > >-Original Message- >From: Ben Densmore [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 23, 2002 11:19 AM >To: CF-Talk >Subject: RE: Session variable question > > >There is no Proxy server, at the moment the IP addresses are static. I >thought maybe the machines were using the same IP Address, but they are not. > >Ben > > >At 11:14 AM 4/23/2002, you wrote: > >are they running behind a proxy sever? it's entirely possible that they > >appear to be coming from the same IP address, confusing the server. > > > >christopher olive > >cto, vp of web development, vp it security > >atnet solutions, inc. > >410.931.4092 > >http://www.atnetsolutions.com > > > > > >-Original Message- > >From: Ben Densmore [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, April 23, 2002 10:58 AM > >To: CF-Talk > >Subject: Session variable question > > > > > >I have seen this asked in the cf forums on macromedias site but don't see a > >clear answer so hopefully someone here can give me a clue. We have an order > >entry app running internally. I have 2 people that are in our sales dept > >that keep turning into one another while logged in. An example is, salesman > >A will be logged in and have administrative rights while salesman B will be > >logged in on another machine, doesn't have admin rights, but all of a > >sudden salesman B will have access to all the Admin stuff and be logged in > >as salesman A. One other weird thing is if salesman A logs out, it kills > >the session for salesman B. All session variables have been locked when > >they are created. The only thing I can think that might be happening is > >that the cfid and cftoken for these 2 guys are the same? we have about 25 > >people using this system and only these 2 people have this problem. If > >someone could give me an idea of what's going on I would really > appreciate it. > > > >Thanks, > >Ben Densmore > > > > > > > > > > __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Are you setting client side cookies? At 11:18 AM 04/23/2002 -0400, you wrote: >There is no Proxy server, at the moment the IP addresses are static. I >thought maybe the machines were using the same IP Address, but they are not. > >Ben > > >At 11:14 AM 4/23/2002, you wrote: > >are they running behind a proxy sever? it's entirely possible that they > >appear to be coming from the same IP address, confusing the server. > > > >christopher olive > >cto, vp of web development, vp it security > >atnet solutions, inc. > >410.931.4092 > >http://www.atnetsolutions.com > > > > > >-Original Message- > >From: Ben Densmore [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, April 23, 2002 10:58 AM > >To: CF-Talk > >Subject: Session variable question > > > > > >I have seen this asked in the cf forums on macromedias site but don't see a > >clear answer so hopefully someone here can give me a clue. We have an order > >entry app running internally. I have 2 people that are in our sales dept > >that keep turning into one another while logged in. An example is, salesman > >A will be logged in and have administrative rights while salesman B will be > >logged in on another machine, doesn't have admin rights, but all of a > >sudden salesman B will have access to all the Admin stuff and be logged in > >as salesman A. One other weird thing is if salesman A logs out, it kills > >the session for salesman B. All session variables have been locked when > >they are created. The only thing I can think that might be happening is > >that the cfid and cftoken for these 2 guys are the same? we have about 25 > >people using this system and only these 2 people have this problem. If > >someone could give me an idea of what's going on I would really > appreciate it. > > > >Thanks, > >Ben Densmore > > > > > > > > > __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
If there is a proxy server being used, the pages may be getting cached by the server. If cached, then user A can pull a cached page belonging to user B. The easiest solution is to add a random number at the end of each URL. This will mean the pages will never be the same (well the likelihood is drastically reduced) Cheers, Chris Bohill. Biznet -Original Message- From: Ben Densmore [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 15:58 To: CF-Talk Subject: Session variable question I have seen this asked in the cf forums on macromedias site but don't see a clear answer so hopefully someone here can give me a clue. We have an order entry app running internally. I have 2 people that are in our sales dept that keep turning into one another while logged in. An example is, salesman A will be logged in and have administrative rights while salesman B will be logged in on another machine, doesn't have admin rights, but all of a sudden salesman B will have access to all the Admin stuff and be logged in as salesman A. One other weird thing is if salesman A logs out, it kills the session for salesman B. All session variables have been locked when they are created. The only thing I can think that might be happening is that the cfid and cftoken for these 2 guys are the same? we have about 25 people using this system and only these 2 people have this problem. If someone could give me an idea of what's going on I would really appreciate it. Thanks, Ben Densmore __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
how are they accessing the application? with the machine's local (internal) name, or with www.blahblah.com (or whatever)? christopher olive cto, vp of web development, vp it security atnet solutions, inc. 410.931.4092 http://www.atnetsolutions.com -Original Message- From: Ben Densmore [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 11:19 AM To: CF-Talk Subject: RE: Session variable question There is no Proxy server, at the moment the IP addresses are static. I thought maybe the machines were using the same IP Address, but they are not. Ben At 11:14 AM 4/23/2002, you wrote: >are they running behind a proxy sever? it's entirely possible that they >appear to be coming from the same IP address, confusing the server. > >christopher olive >cto, vp of web development, vp it security >atnet solutions, inc. >410.931.4092 >http://www.atnetsolutions.com > > >-Original Message- >From: Ben Densmore [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 23, 2002 10:58 AM >To: CF-Talk >Subject: Session variable question > > >I have seen this asked in the cf forums on macromedias site but don't see a >clear answer so hopefully someone here can give me a clue. We have an order >entry app running internally. I have 2 people that are in our sales dept >that keep turning into one another while logged in. An example is, salesman >A will be logged in and have administrative rights while salesman B will be >logged in on another machine, doesn't have admin rights, but all of a >sudden salesman B will have access to all the Admin stuff and be logged in >as salesman A. One other weird thing is if salesman A logs out, it kills >the session for salesman B. All session variables have been locked when >they are created. The only thing I can think that might be happening is >that the cfid and cftoken for these 2 guys are the same? we have about 25 >people using this system and only these 2 people have this problem. If >someone could give me an idea of what's going on I would really appreciate it. > >Thanks, >Ben Densmore > > > > __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
Are you locking your session variables? -Original Message- From: Ben Densmore [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 10:19 AM To: CF-Talk Subject: RE: Session variable question There is no Proxy server, at the moment the IP addresses are static. I thought maybe the machines were using the same IP Address, but they are not. Ben At 11:14 AM 4/23/2002, you wrote: >are they running behind a proxy sever? it's entirely possible that they >appear to be coming from the same IP address, confusing the server. > >christopher olive >cto, vp of web development, vp it security >atnet solutions, inc. >410.931.4092 >http://www.atnetsolutions.com > > >-Original Message- >From: Ben Densmore [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 23, 2002 10:58 AM >To: CF-Talk >Subject: Session variable question > > >I have seen this asked in the cf forums on macromedias site but don't see a >clear answer so hopefully someone here can give me a clue. We have an order >entry app running internally. I have 2 people that are in our sales dept >that keep turning into one another while logged in. An example is, salesman >A will be logged in and have administrative rights while salesman B will be >logged in on another machine, doesn't have admin rights, but all of a >sudden salesman B will have access to all the Admin stuff and be logged in >as salesman A. One other weird thing is if salesman A logs out, it kills >the session for salesman B. All session variables have been locked when >they are created. The only thing I can think that might be happening is >that the cfid and cftoken for these 2 guys are the same? we have about 25 >people using this system and only these 2 people have this problem. If >someone could give me an idea of what's going on I would really appreciate it. > >Thanks, >Ben Densmore > > > > __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
There is no Proxy server, at the moment the IP addresses are static. I thought maybe the machines were using the same IP Address, but they are not. Ben At 11:14 AM 4/23/2002, you wrote: >are they running behind a proxy sever? it's entirely possible that they >appear to be coming from the same IP address, confusing the server. > >christopher olive >cto, vp of web development, vp it security >atnet solutions, inc. >410.931.4092 >http://www.atnetsolutions.com > > >-Original Message- >From: Ben Densmore [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, April 23, 2002 10:58 AM >To: CF-Talk >Subject: Session variable question > > >I have seen this asked in the cf forums on macromedias site but don't see a >clear answer so hopefully someone here can give me a clue. We have an order >entry app running internally. I have 2 people that are in our sales dept >that keep turning into one another while logged in. An example is, salesman >A will be logged in and have administrative rights while salesman B will be >logged in on another machine, doesn't have admin rights, but all of a >sudden salesman B will have access to all the Admin stuff and be logged in >as salesman A. One other weird thing is if salesman A logs out, it kills >the session for salesman B. All session variables have been locked when >they are created. The only thing I can think that might be happening is >that the cfid and cftoken for these 2 guys are the same? we have about 25 >people using this system and only these 2 people have this problem. If >someone could give me an idea of what's going on I would really appreciate it. > >Thanks, >Ben Densmore > > > > __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Session variable question
are they running behind a proxy sever? it's entirely possible that they appear to be coming from the same IP address, confusing the server. christopher olive cto, vp of web development, vp it security atnet solutions, inc. 410.931.4092 http://www.atnetsolutions.com -Original Message- From: Ben Densmore [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 10:58 AM To: CF-Talk Subject: Session variable question I have seen this asked in the cf forums on macromedias site but don't see a clear answer so hopefully someone here can give me a clue. We have an order entry app running internally. I have 2 people that are in our sales dept that keep turning into one another while logged in. An example is, salesman A will be logged in and have administrative rights while salesman B will be logged in on another machine, doesn't have admin rights, but all of a sudden salesman B will have access to all the Admin stuff and be logged in as salesman A. One other weird thing is if salesman A logs out, it kills the session for salesman B. All session variables have been locked when they are created. The only thing I can think that might be happening is that the cfid and cftoken for these 2 guys are the same? we have about 25 people using this system and only these 2 people have this problem. If someone could give me an idea of what's going on I would really appreciate it. Thanks, Ben Densmore __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
