Re: clientVar storage/multiple CFAS/single storage db
This is a pretty old post but given its importance as related to client variables I want to revist this. I have a system setup where two cf machines are tied together via dns round-robin and share the same database for client storage. As the number of simultaneous users increasesd, the number of users overstepping/intruding into other's client memory space have increased to such as a point that I had to store the IP of the client user as part of the client init and verify the user ip with the client var each time as not to assume the cfid/cftoken on the client browser do actually belong to them. I have not personally reproduced on my machines but given the hundreds of reports this is not a coincidence. Other than the round-robin setup there are nothing special about the way the client vars are stored in the database. Although this problem has been seen more from IE 5 users, it is not exclusively IE. Netscape and IE 5.5 users have also reported this problem. Not sure if SP2 has addressed this problem but I hope somebody here has clue as why this is so. Again, this only surfaces as traffic increases. I have asked users to manually remove all their cookies stored on their browser to make sure it's not the browser's fault. It didn't work. I thought mabye the cfapplication setdomain option was at fault but none of the combinations resolved the issues. The weird thing is that once you overstep into another person's memory space, you will ALWAYS overstep into that particular person's client vars in the future. This is not a you assume a random person's identity every time. CF's client management system somehow remembers you AND someone that you shouldn't be associated with. I have no clue why this is so. In fact, this problem is a bit related to an thread way back when where someone had a perculiar SQL error with CF trying to create duplicate CDATA entries. Forgot who was the original poster but that person had trouble with client states with IE 5 browsers. At first I really didn't believe it could happen to me, will...it has and I'm clueless. The only solution I have, thus far, is to manually verify an additional bit of information (IP adderss) for each client accessed page. Xing p.s. Maybe CF 5 should let us modify the client creation/deletion/verification SQL scripts? It's no secret the generic statements they use and I don't see a reason why they shouldn't make them customizable. - Original Message - From: "paul smith" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, November 19, 2000 12:07 PM Subject: Re: clientVar storage/multiple CFAS/single storage db The problem (if there is one) is that the next (or last, I don't know which) value of CFID is kept in the Registry. Two machines that don't talk to one another means both machines *could* come up with the same CFID. Even if possible, it must be very unlikely (ordinarily). OTOH, if you start out with 2 machines, each with a new install of CF, they BOTH start out with CFID=1 at the same time ;-) In addition, in one cookie-less app I've developed, I see that CFAS increments the Register-based current value of CFID with each page request. So while my app might have CFID=56321 with each page request in one instance of the app, if I start another instance of the app it might have CFID=56402 (with the app not accessed by anyone in the interim). best, paul At 11:59 AM 11/19/00 -0500, you wrote: I presume if it's in the registry or a database, it's not going to assign a pair to anyone that is already existing. Therefore, I don't see how two people could end up with the same pair. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: clientVar storage/multiple CFAS/single storage db
Xing: Since I was storing client variables in a database anyway, for this but mainly other reasons I went to a scheme where I create CFI/CFT pairs (analogous to CFID/CFTOKEN pairs) using my own algorithm. Since CFI is incremented by 1 in a single table for each new user no matter how many machines are in the server farm, it's not possible to have duplicate CFIs. While I understand how machines in a farm could have the same CFID (because CFAS in each machine generates CFID independently), I'm still surprised it turned out to be such a problem. best, paul At 06:49 PM 12/19/00 -0800, you wrote: This is a pretty old post but given its importance as related to client variables I want to revist this. I have a system setup where two cf machines are tied together via dns round-robin and share the same database for client storage. As the number of simultaneous users increasesd, the number of users overstepping/intruding into other's client memory space have increased to such as a point that I had to store the IP of the client user as part of the client init and verify the user ip with the client var each time as not to assume the cfid/cftoken on the client browser do actually belong to them. I have not personally reproduced on my machines but given the hundreds of reports this is not a coincidence. Other than the round-robin setup there are nothing special about the way the client vars are stored in the database. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: clientVar storage/multiple CFAS/single storage db
Bud: I assume you mean URL string not query string, and the answer is Yes. I'm not using cookies and am instead passing CFID/CFTOKEN in the URL as follows: http://www.MyApp.com/index.cfm/CD.38230/CN.80270945 Modified Fusebox-style-wise, app_globals.cfm uses CD.38230 to assign 38230 to url.cfid and uses CN.80270945 to assign 80270945 to url.cftoken This automatically maintains state because each user has unique URLs. (This has the interesting side effect that spiders will see different URLs on each visit. I don't know if this is a good thing or a bad thing.) best, paul At 05:46 AM 11/20/00 -0500, you wrote: In addition, in one cookie-less app I've developed, I see that CFAS increments the Register-based current value of CFID with each page request. So while my app might have CFID=56321 with each page request in one instance of the app, if I start another instance of the app it might have CFID=56402 (with the app not accessed by anyone in the interim). Are you passing cfid and cftoken in a query string? Either with or without cookies, if there is no cfid and cftoken to check for, CF is going to create a new cfid for each page request because it's going to think it's a new client every time. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: clientVar storage/multiple CFAS/single storage db
On 11/18/00, pan penned: If clientP is using App_1 on ServerA and clientQ is using App_1 on ServerB, how likely is it, if at all, that the entries in CDATA/CGLOBAL are conflated? I believe that you won't end up with the same cfid/cftoken pair under the same application name. If the user is using cookies and goes from one site to another, on the same or different machines, even if he goes to a site using the same application name, his cookies shouldn't be read because the domain names are different. If he's not using cookies, unless you had a variable in a link pointing from one domain to another domain using the same application name, and some way to pick that variable up on the second domain, he should be read as a brand new user and assigned a new cfid/cftoken. That's simply my hypothesis. It shouldn't really work any different than if you had a separate client var database for each machine. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: clientVar storage/multiple CFAS/single storage db
At 05:17 AM 11/19/00 -0500, you wrote: On 11/18/00, pan penned: If clientP is using App_1 on ServerA and clientQ is using App_1 on ServerB, how likely is it, if at all, that the entries in CDATA/CGLOBAL are conflated? I believe that you won't end up with the same cfid/cftoken pair under the same application name. I don't believe they'll get the same cfid/cftoken pair either, but I don't see what prevents them from getting the same cfid. What happens with cftoken then I don't know. But though unlikely, I don't yet see how it's impossible to get the same cfid/cftoken pair. best, paul ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: clientVar storage/multiple CFAS/single storage db
The problem (if there is one) is that the next (or last, I don't know which) value of CFID is kept in the Registry. Two machines that don't talk to one another means both machines *could* come up with the same CFID. Even if possible, it must be very unlikely (ordinarily). OTOH, if you start out with 2 machines, each with a new install of CF, they BOTH start out with CFID=1 at the same time ;-) In addition, in one cookie-less app I've developed, I see that CFAS increments the Register-based current value of CFID with each page request. So while my app might have CFID=56321 with each page request in one instance of the app, if I start another instance of the app it might have CFID=56402 (with the app not accessed by anyone in the interim). best, paul At 11:59 AM 11/19/00 -0500, you wrote: I presume if it's in the registry or a database, it's not going to assign a pair to anyone that is already existing. Therefore, I don't see how two people could end up with the same pair. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
clientVar storage/multiple CFAS/single storage db
In a non-clustered network of machines, each machine having CFAS running, that uses a single dsn for client var storage - are CFIDs uniquely assigned for the storage db, or is each CFAS assigning CFIDs independently of each other? In both CDATA and CGLOBAL the field cfid actually stores the cfid-cftoken values as xx-. Is there any guarantee, in the above described network, that each cfid in CDATA and CGLOBAL actually points back to the originating server? Is it possible for serverA to have created the same cfid-cftoken pair as serverB and thus any entries in the shared clientVar storage db might not uniquely refer to different clients on the serveral servers? CDATA is indexed on multiple columns (cfid,app), but CGLOBALS has two indices ((cfid),(lvist)). If clientP is using App_1 on ServerA and clientQ is using App_1 on ServerB, how likely is it, if at all, that the entries in CDATA/CGLOBAL are conflated? I'm thinking they could be commingled. The CFID element seems to be a simply incremented value each CFAS generates as need. The CFTOKEN is not a simply incremented value - don't know how they are generated - this may resolve the potential problem, but I don't see how the different CFASs could inform each other which CFTOKENs have been assigned. ??? Pan ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: clientVar storage/multiple CFAS/single storage db
Looks like they're assigning CFIDs independently. I believe CFAS keeps track of the last CFID in the registry. best, paul At 01:19 PM 11/18/00 -0800, you wrote: In a non-clustered network of machines, each machine having CFAS running, that uses a single dsn for client var storage - are CFIDs uniquely assigned for the storage db, or is each CFAS assigning CFIDs independently of each other? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists