[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-30 Thread Taco Fleur 
Sure thing ;-)

On 8/30/07, MrBuzzy <[EMAIL PROTECTED]> wrote:
>
>
> Taco, you should also check your vars (just in case)
> http://code.google.com/p/var-scope-checker-fb/downloads/list
>
> It's worth doing before or while you check the isp stuff.
>
> On 8/30/07, David Heacock <[EMAIL PROTECTED]> wrote:
> >
> > We had the same problem last week with a client. Several people were
> > sharing sessions. It turned out to be the proxy settings on their
> > router.
> >
> >
> > Cheers
> >
> > David Heacock
> >
> >
> > On Aug 30, 9:48 am, "Taco Fleur" <[EMAIL PROTECTED]> wrote:
> > > Hello all,
> > >
> > > I was wondering if someone has seen this before. One of our
> applications is
> > > apparently displaying info that belongs to someone else. I.e. they
> sign in,
> > > see the right info, go to another page and see the sign in details of
> > > someone else.
> > >
> > > Now, the only way I can see this happening is if ColdFusion is playing
> up
> > > and getting the session info mixed up.
> > >
> > > Two users say they saw information belonging to another user when
> moving
> > > from one page to another. I just find it impossible when I look at the
> code!
> > > There is a User CFC, it contains the screen name and user id, but it
> is only
> > > populated if the user signs in. Therefore it can only be that
> Coldfusion is
> > > playing up. Anyone seen this before, know issue?
> > >
> > > Thanks in advance.
> > >
> > > --
> > > ***http://www.clickfind.com.au
> > > The new Australian search engine for businesses, products and services
> > > ***http://brisbane-web-design.pacificfox.com.aublog
> > > *** Virtual and Dedicated Servers with MS SQL from $250 a month
> > > *** Virtual and Dedicated Servers with registered version of
> ColdFusion from
> > > $350 a month
> > > *** ColdFusion licenses at the lowest price
> >
> >
> > >
> >
>
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-30 Thread MrBuzzy 

Taco, you should also check your vars (just in case)
http://code.google.com/p/var-scope-checker-fb/downloads/list

It's worth doing before or while you check the isp stuff.

On 8/30/07, David Heacock <[EMAIL PROTECTED]> wrote:
>
> We had the same problem last week with a client. Several people were
> sharing sessions. It turned out to be the proxy settings on their
> router.
>
>
> Cheers
>
> David Heacock
>
>
> On Aug 30, 9:48 am, "Taco Fleur" <[EMAIL PROTECTED]> wrote:
> > Hello all,
> >
> > I was wondering if someone has seen this before. One of our applications is
> > apparently displaying info that belongs to someone else. I.e. they sign in,
> > see the right info, go to another page and see the sign in details of
> > someone else.
> >
> > Now, the only way I can see this happening is if ColdFusion is playing up
> > and getting the session info mixed up.
> >
> > Two users say they saw information belonging to another user when moving
> > from one page to another. I just find it impossible when I look at the code!
> > There is a User CFC, it contains the screen name and user id, but it is only
> > populated if the user signs in. Therefore it can only be that Coldfusion is
> > playing up. Anyone seen this before, know issue?
> >
> > Thanks in advance.
> >
> > --
> > ***http://www.clickfind.com.au
> > The new Australian search engine for businesses, products and services
> > ***http://brisbane-web-design.pacificfox.com.aublog
> > *** Virtual and Dedicated Servers with MS SQL from $250 a month
> > *** Virtual and Dedicated Servers with registered version of ColdFusion from
> > $350 a month
> > *** ColdFusion licenses at the lowest price
>
>
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-30 Thread David Heacock 

We had the same problem last week with a client. Several people were
sharing sessions. It turned out to be the proxy settings on their
router.


Cheers

David Heacock


On Aug 30, 9:48 am, "Taco Fleur" <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I was wondering if someone has seen this before. One of our applications is
> apparently displaying info that belongs to someone else. I.e. they sign in,
> see the right info, go to another page and see the sign in details of
> someone else.
>
> Now, the only way I can see this happening is if ColdFusion is playing up
> and getting the session info mixed up.
>
> Two users say they saw information belonging to another user when moving
> from one page to another. I just find it impossible when I look at the code!
> There is a User CFC, it contains the screen name and user id, but it is only
> populated if the user signs in. Therefore it can only be that Coldfusion is
> playing up. Anyone seen this before, know issue?
>
> Thanks in advance.
>
> --
> ***http://www.clickfind.com.au
> The new Australian search engine for businesses, products and services
> ***http://brisbane-web-design.pacificfox.com.aublog
> *** Virtual and Dedicated Servers with MS SQL from $250 a month
> *** Virtual and Dedicated Servers with registered version of ColdFusion from
> $350 a month
> *** ColdFusion licenses at the lowest price


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Charlie Arehart \(lists account\) 
Taco, if the ideas suggested so far (and later) don't resolve this, I'd like
to make a proposal: you say you can't replicate this. One almost never can.
The problems involved are often too unique for you to replicate. (I can say,
as others have, that this is not as unique as you may think--but by the same
token, it's almost never "CF playing up". Shame that it's always blamed.)
 
But as for being able to better observe/diagnose this, note that you could
do something like CFLOG in the suspected code to write out things (to a
file) like the user's CFID and CFTOKEN, or any other data (perhaps CGI
variables) that might help to determine what's different, as they go from
one page to the next. It would seem the only way they'd get a different
session would be if the session token changes between the page requests.
CFLOG will tell you.
 
/charlie
 

  _  

From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf
Of Taco Fleur
Sent: Wednesday, August 29, 2007 8:04 PM
To: cfaussie@googlegroups.com
Subject: [cfaussie] Re: ColdFusion sessions playing up? showing info that
belongs to others? 


It's nothing like that. We don't append cftoken to the url.
The user signs in, sees the correct information, then goes to another page
and sees the information from another user they don't know (so they say).
 
I have not been able to replicate this myself.


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Haikal Saadh 

Isn't it the case that even if you make something idiot proof, someone 
will build a better idiot.

Barry Beattie wrote:
> I've been critisied in the past by indiscriminately adding NO-CACHE
> headers to my pages but the way I see it, you can make thins
> "fool-proof" but you can't make things "idiot-proof"
>
> you were lucky you got feedback to do something about it. it'd be a
> shame if the feedback came from the bankruptcy courts...
>
> >
>
>   


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Barry Beattie 

I've been critisied in the past by indiscriminately adding NO-CACHE
headers to my pages but the way I see it, you can make thins
"fool-proof" but you can't make things "idiot-proof"

you were lucky you got feedback to do something about it. it'd be a
shame if the feedback came from the bankruptcy courts...

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Taco Fleur 
Thanks, that does make me feel better. ;-)

On 8/30/07, Haikal Saadh <[EMAIL PROTECTED]> wrote:
>
>
> I don't see why *you* should have to hit your urls with an ugly stick
> because the ISP is misbehaving. I don't see why you (and other app
> developers) have to spend 10 times the CPU time serving SSL just because
> of one misconfigured ISP.
>
> You didn't think of this because this is something that should. not.
> happen.
>
>
>
> Taco Fleur wrote:
> > Yes, I've already emailed them asking to explain.
> > I took the soft approach, as there might be something I missed?
> > This raises the questions: should everyone know to append a unique
> > string to pages behind a sign in
> > Should we now be putting pages that require sign in behind SSL, even
> > though the data is not that sensitive to warrent the extra overhead of
> > SSL?
> >
> > I never thought about something like this before, an ISP caching data
> > that should only be accessible by users who signed in.
> >
> >
> > On 8/30/07, *Haikal Saadh* <[EMAIL PROTECTED]
> > > wrote:
> >
> >
> > By rights, they should. But through either malice or stupidity,
> sounds
> > like like they're not.
> >
> > I wonder if this is something a phone call could resolve.
> >
> > And if an ISP was exposing my private pages to someone else, that
> > sounds
> > like grounds for a lawsuit...
> >
> > Taco Fleur wrote:
> > > Yes, it sounds like it is a content caching issue, as both users
> > are
> > > with iprimus...
> > > Its pretty serious though... Should they not play by the rules and
> > > look at last modified dates etc?
> > >
> > > thanks guys.
> > >
> > >
> > > On 8/30/07, *Haikal Saadh* < [EMAIL PROTECTED]
> > 
> > > >>
> > wrote:
> > >
> > >
> > > The aggressive-content-caching proxy is a possible
> > explanation for
> > > this.
> > >
> > > Maybe try adding No-Cache headers to your responses?
> > >
> > > Taco Fleur wrote:
> > > > It's nothing like that. We don't append cftoken to the url.
> > > > The user signs in, sees the correct information, then goes
> to
> > > another
> > > > page and sees the information from another user they don't
> > know (so
> > > > they say).
> > > >
> > > > I have not been able to replicate this myself.
> > > >
> > > >
> >
>
>
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Haikal Saadh 

I don't see why *you* should have to hit your urls with an ugly stick 
because the ISP is misbehaving. I don't see why you (and other app 
developers) have to spend 10 times the CPU time serving SSL just because 
of one misconfigured ISP.

You didn't think of this because this is something that should. not. happen.



Taco Fleur wrote:
> Yes, I've already emailed them asking to explain.
> I took the soft approach, as there might be something I missed?
> This raises the questions: should everyone know to append a unique 
> string to pages behind a sign in
> Should we now be putting pages that require sign in behind SSL, even 
> though the data is not that sensitive to warrent the extra overhead of 
> SSL?
>  
> I never thought about something like this before, an ISP caching data 
> that should only be accessible by users who signed in.
>
>  
> On 8/30/07, *Haikal Saadh* <[EMAIL PROTECTED] 
> > wrote:
>
>
> By rights, they should. But through either malice or stupidity, sounds
> like like they're not.
>
> I wonder if this is something a phone call could resolve.
>
> And if an ISP was exposing my private pages to someone else, that
> sounds
> like grounds for a lawsuit...
>
> Taco Fleur wrote:
> > Yes, it sounds like it is a content caching issue, as both users
> are
> > with iprimus...
> > Its pretty serious though... Should they not play by the rules and
> > look at last modified dates etc?
> >
> > thanks guys.
> >
> >
> > On 8/30/07, *Haikal Saadh* < [EMAIL PROTECTED]
> 
> > >>
> wrote:
> >
> >
> > The aggressive-content-caching proxy is a possible
> explanation for
> > this.
> >
> > Maybe try adding No-Cache headers to your responses?
> >
> > Taco Fleur wrote:
> > > It's nothing like that. We don't append cftoken to the url.
> > > The user signs in, sees the correct information, then goes to
> > another
> > > page and sees the information from another user they don't
> know (so
> > > they say).
> > >
> > > I have not been able to replicate this myself.
> > >
> > >
>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Taco Fleur 
I will look at this.
Is this something thats considered a must, i.e. if you don't do it you
should know that an ISP can show the pages to someone else?

Thanks.

On 8/30/07, Ryan Sabir <[EMAIL PROTECTED]> wrote:
>
>
> We had exactly the same issue with users on iPrimus. From what I recall
> adding the no-cache directive to the headers seemed to fix the problem, but
> was hard to diagnose because it was very intermittent.
>
>
>  --
> *From:* cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Taco Fleur
> *Sent:* Thursday, 30 August 2007 10:15 AM
> *To:* cfaussie@googlegroups.com
> *Subject:* [cfaussie] Re: ColdFusion sessions playing up? showing info
> that belongs to others? 
>
>
>  Yes, it sounds like it is a content caching issue, as both users are with
> iprimus...
> Its pretty serious though... Should they not play by the rules and look at
> last modified dates etc?
>
> thanks guys.
>
>
> On 8/30/07, Haikal Saadh <[EMAIL PROTECTED]> wrote:
> >
> >
> > The aggressive-content-caching proxy is a possible explanation for this.
> >
> > Maybe try adding No-Cache headers to your responses?
> >
> > Taco Fleur wrote:
> > > It's nothing like that. We don't append cftoken to the url.
> > > The user signs in, sees the correct information, then goes to another
> > > page and sees the information from another user they don't know (so
> > > they say).
> > >
> > > I have not been able to replicate this myself.
> > >
> > >
> > > On 8/30/07, *skateboard.com.au <http://skateboard.com.au >*
> > > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
> > >
> > >
> > > I had this happen where I was a bit sloppy and left links with
> > cftoken
> > > url variables in content that was cached/shared.
> > >
> > >
> > >
> > > -Original Message-
> > > From: "Taco Fleur" <[EMAIL PROTECTED]  > [EMAIL PROTECTED]>>
> > > To: cfaussie@googlegroups.com 
> > > Date: Thu, 30 Aug 2007 09:48:16 +1000
> > > Subject: [cfaussie] ColdFusion sessions playing up? showing info
> > that
> > > belongs to others? 
> > >
> > > > Hello all,
> > > >
> > > > I was wondering if someone has seen this before. One of our
> > > > applications is
> > > > apparently displaying info that belongs to someone else. I.e.
> > > they sign
> > > > in,
> > > > see the right info, go to another page and see the sign in
> > > details of
> > > > someone else.
> > > >
> > > > Now, the only way I can see this happening is if ColdFusion is
> > > playing
> > > > up
> > > > and getting the session info mixed up.
> > > >
> > > > Two users say they saw information belonging to another user
> > when
> > > > moving
> > > > from one page to another. I just find it impossible when I look
> > > at the
> > > > code!
> > > > There is a User CFC, it contains the screen name and user id,
> > > but it is
> > > > only
> > > > populated if the user signs in. Therefore it can only be that
> > > > Coldfusion is
> > > > playing up. Anyone seen this before, know issue?
> > > >
> > > > Thanks in advance.
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
>
>
> --
> *** http://www.clickfind.com.au
> The new Australian search engine for businesses, products and services
> *** http://brisbane-web-design.pacificfox.com.au blog
> *** Virtual and Dedicated Servers with MS SQL from $250 a month
> *** Virtual and Dedicated Servers with registered version of ColdFusion
> from $350 a month
> *** ColdFusion licenses at the lowest price
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Taco Fleur 
Yes, I've already emailed them asking to explain.
I took the soft approach, as there might be something I missed?
This raises the questions: should everyone know to append a unique string to
pages behind a sign in? Should we now be putting pages that require sign in
behind SSL, even though the data is not that sensitive to warrent the extra
overhead of SSL?

I never thought about something like this before, an ISP caching data that
should only be accessible by users who signed in.


On 8/30/07, Haikal Saadh <[EMAIL PROTECTED]> wrote:
>
>
> By rights, they should. But through either malice or stupidity, sounds
> like like they're not.
>
> I wonder if this is something a phone call could resolve.
>
> And if an ISP was exposing my private pages to someone else, that sounds
> like grounds for a lawsuit...
>
> Taco Fleur wrote:
> > Yes, it sounds like it is a content caching issue, as both users are
> > with iprimus...
> > Its pretty serious though... Should they not play by the rules and
> > look at last modified dates etc?
> >
> > thanks guys.
> >
> >
> > On 8/30/07, *Haikal Saadh* <[EMAIL PROTECTED]
> > > wrote:
> >
> >
> > The aggressive-content-caching proxy is a possible explanation for
> > this.
> >
> > Maybe try adding No-Cache headers to your responses?
> >
> > Taco Fleur wrote:
> > > It's nothing like that. We don't append cftoken to the url.
> > > The user signs in, sees the correct information, then goes to
> > another
> > > page and sees the information from another user they don't know
> (so
> > > they say).
> > >
> > > I have not been able to replicate this myself.
> > >
> > >
> > > On 8/30/07, *skateboard.com.au 
> > >*
> > > <[EMAIL PROTECTED] 
> > >>
> wrote:
> > >
> > >
> > > I had this happen where I was a bit sloppy and left links
> > with cftoken
> > > url variables in content that was cached/shared.
> > >
> > >
> > >
> > > -Original Message-
> > > From: "Taco Fleur" <[EMAIL PROTECTED]
> >   > >>
> > > To: cfaussie@googlegroups.com
> >   > cfaussie@googlegroups.com >
> > > Date: Thu, 30 Aug 2007 09:48:16 +1000
> > > Subject: [cfaussie] ColdFusion sessions playing up? showing
> > info that
> > > belongs to others? 
> > >
> > > > Hello all,
> > > >
> > > > I was wondering if someone has seen this before. One of our
> > > > applications is
> > > > apparently displaying info that belongs to someone else. I.e
> .
> > > they sign
> > > > in,
> > > > see the right info, go to another page and see the sign in
> > > details of
> > > > someone else.
> > > >
> > > > Now, the only way I can see this happening is if
> > ColdFusion is
> > > playing
> > > > up
> > > > and getting the session info mixed up.
> > > >
> > > > Two users say they saw information belonging to another
> > user when
> > > > moving
> > > > from one page to another. I just find it impossible when I
> > look
> > > at the
> > > > code!
> > > > There is a User CFC, it contains the screen name and user
> id,
> > > but it is
> > > > only
> > > > populated if the user signs in. Therefore it can only be
> that
> > > > Coldfusion is
> > > > playing up. Anyone seen this before, know issue?
> > > >
> > > > Thanks in advance.
> > > >
> > >
> > >
> > >
> > >
> > >
> >
>
>
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Ryan Sabir 
BTW,
 
This might be the culprit:
http://www.primus.com.au/PrimusWeb/HomeSolutions/AdditionalServices/iSpeed/
 
seeya




From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Taco 
Fleur
Sent: Thursday, 30 August 2007 10:15 AM
To: cfaussie@googlegroups.com
Subject: [cfaussie] Re: ColdFusion sessions playing up? showing info that 
belongs to others? 


Yes, it sounds like it is a content caching issue, as both users are with 
iprimus...
Its pretty serious though... Should they not play by the rules and look at last 
modified dates etc?
 
thanks guys.

 
On 8/30/07, Haikal Saadh <[EMAIL PROTECTED]> wrote: 

The aggressive-content-caching proxy is a possible explanation for this.

Maybe try adding No-Cache headers to your responses? 

Taco Fleur wrote:
> It's nothing like that. We don't append cftoken to the url.
> The user signs in, sees the correct information, then goes to another
> page and sees the information from another user they don't know (so 
> they say).
>
> I have not been able to replicate this myself.
>
>
> On 8/30/07, *skateboard.com.au <http://skateboard.com.au >*
> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>
>
> I had this happen where I was a bit sloppy and left links with cftoken 
> url variables in content that was cached/shared.
>
>
>
> -Original Message-
> From: "Taco Fleur" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> To: cfaussie@googlegroups.com 
> Date: Thu, 30 Aug 2007 09:48:16 +1000
> Subject: [cfaussie] ColdFusion sessions playing up? showing info that
> belongs to others? 
>
> > Hello all, 
> >
> > I was wondering if someone has seen this before. One of our
> > applications is
> > apparently displaying info that belongs to someone else. I.e.
> they sign 
> > in,
> > see the right info, go to another page and see the sign in
> details of
> > someone else.
> >
> > Now, the only way I can see this happening is if ColdFusion is 
> playing
> > up
> > and getting the session info mixed up.
> >
> > Two users say they saw information belonging to another user when
> > moving
> > from one page to another. I just find it impossible when I look
> at the
> > code!
> > There is a User CFC, it contains the screen name and user id,
> but it is
> > only
> > populated if the user signs in. Therefore it can only be that
> > Coldfusion is
> > playing up. Anyone seen this before, know issue?
> >
> > Thanks in advance. 
> >
>
>
>
>
>






-- 
*** http://www.clickfind.com.au 
The new Australian search engine for businesses, products and services 
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from 
$350 a month
*** ColdFusion licenses at the lowest price 

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Ryan Sabir 
 
We had exactly the same issue with users on iPrimus. From what I recall adding 
the no-cache directive to the headers seemed to fix the problem, but was hard 
to diagnose because it was very intermittent.
 




From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Taco 
Fleur
Sent: Thursday, 30 August 2007 10:15 AM
To: cfaussie@googlegroups.com
Subject: [cfaussie] Re: ColdFusion sessions playing up? showing info that 
belongs to others? 


Yes, it sounds like it is a content caching issue, as both users are with 
iprimus...
Its pretty serious though... Should they not play by the rules and look at last 
modified dates etc?
 
thanks guys.

 
On 8/30/07, Haikal Saadh <[EMAIL PROTECTED]> wrote: 

The aggressive-content-caching proxy is a possible explanation for this.

Maybe try adding No-Cache headers to your responses? 

Taco Fleur wrote:
> It's nothing like that. We don't append cftoken to the url.
> The user signs in, sees the correct information, then goes to another
> page and sees the information from another user they don't know (so 
> they say).
>
> I have not been able to replicate this myself.
>
>
> On 8/30/07, *skateboard.com.au <http://skateboard.com.au >*
> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>
>
> I had this happen where I was a bit sloppy and left links with cftoken 
> url variables in content that was cached/shared.
>
>
>
> -Original Message-
> From: "Taco Fleur" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> To: cfaussie@googlegroups.com 
> Date: Thu, 30 Aug 2007 09:48:16 +1000
> Subject: [cfaussie] ColdFusion sessions playing up? showing info that
> belongs to others? 
>
> > Hello all, 
> >
> > I was wondering if someone has seen this before. One of our
> > applications is
> > apparently displaying info that belongs to someone else. I.e.
> they sign 
> > in,
> > see the right info, go to another page and see the sign in
> details of
> > someone else.
> >
> > Now, the only way I can see this happening is if ColdFusion is 
> playing
> > up
> > and getting the session info mixed up.
> >
> > Two users say they saw information belonging to another user when
> > moving
> > from one page to another. I just find it impossible when I look
> at the
> > code!
> > There is a User CFC, it contains the screen name and user id,
> but it is
> > only
> > populated if the user signs in. Therefore it can only be that
> > Coldfusion is
> > playing up. Anyone seen this before, know issue?
> >
> > Thanks in advance. 
> >
>
>
>
>
>






-- 
*** http://www.clickfind.com.au 
The new Australian search engine for businesses, products and services 
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from 
$350 a month
*** ColdFusion licenses at the lowest price 

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Haikal Saadh 

By rights, they should. But through either malice or stupidity, sounds 
like like they're not.

I wonder if this is something a phone call could resolve.

And if an ISP was exposing my private pages to someone else, that sounds 
like grounds for a lawsuit...

Taco Fleur wrote:
> Yes, it sounds like it is a content caching issue, as both users are 
> with iprimus...
> Its pretty serious though... Should they not play by the rules and 
> look at last modified dates etc?
>  
> thanks guys.
>
>  
> On 8/30/07, *Haikal Saadh* <[EMAIL PROTECTED] 
> > wrote:
>
>
> The aggressive-content-caching proxy is a possible explanation for
> this.
>
> Maybe try adding No-Cache headers to your responses?
>
> Taco Fleur wrote:
> > It's nothing like that. We don't append cftoken to the url.
> > The user signs in, sees the correct information, then goes to
> another
> > page and sees the information from another user they don't know (so
> > they say).
> >
> > I have not been able to replicate this myself.
> >
> >
> > On 8/30/07, *skateboard.com.au 
> >*
> > <[EMAIL PROTECTED] 
> >> wrote:
> >
> >
> > I had this happen where I was a bit sloppy and left links
> with cftoken
> > url variables in content that was cached/shared.
> >
> >
> >
> > -Original Message-
> > From: "Taco Fleur" <[EMAIL PROTECTED]
>   >>
> > To: cfaussie@googlegroups.com
>   cfaussie@googlegroups.com >
> > Date: Thu, 30 Aug 2007 09:48:16 +1000
> > Subject: [cfaussie] ColdFusion sessions playing up? showing
> info that
> > belongs to others? 
> >
> > > Hello all,
> > >
> > > I was wondering if someone has seen this before. One of our
> > > applications is
> > > apparently displaying info that belongs to someone else. I.e.
> > they sign
> > > in,
> > > see the right info, go to another page and see the sign in
> > details of
> > > someone else.
> > >
> > > Now, the only way I can see this happening is if
> ColdFusion is
> > playing
> > > up
> > > and getting the session info mixed up.
> > >
> > > Two users say they saw information belonging to another
> user when
> > > moving
> > > from one page to another. I just find it impossible when I
> look
> > at the
> > > code!
> > > There is a User CFC, it contains the screen name and user id,
> > but it is
> > > only
> > > populated if the user signs in. Therefore it can only be that
> > > Coldfusion is
> > > playing up. Anyone seen this before, know issue?
> > >
> > > Thanks in advance.
> > >
> >
> >
> >
> >
> >
>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Taco Fleur 
Yes, it sounds like it is a content caching issue, as both users are with
iprimus...
Its pretty serious though... Should they not play by the rules and look at
last modified dates etc?

thanks guys.


On 8/30/07, Haikal Saadh <[EMAIL PROTECTED]> wrote:
>
>
> The aggressive-content-caching proxy is a possible explanation for this.
>
> Maybe try adding No-Cache headers to your responses?
>
> Taco Fleur wrote:
> > It's nothing like that. We don't append cftoken to the url.
> > The user signs in, sees the correct information, then goes to another
> > page and sees the information from another user they don't know (so
> > they say).
> >
> > I have not been able to replicate this myself.
> >
> >
> > On 8/30/07, *skateboard.com.au *
> > <[EMAIL PROTECTED] > wrote:
> >
> >
> > I had this happen where I was a bit sloppy and left links with
> cftoken
> > url variables in content that was cached/shared.
> >
> >
> >
> > -Original Message-
> > From: "Taco Fleur" <[EMAIL PROTECTED]  >>
> > To: cfaussie@googlegroups.com 
> > Date: Thu, 30 Aug 2007 09:48:16 +1000
> > Subject: [cfaussie] ColdFusion sessions playing up? showing info
> that
> > belongs to others? 
> >
> > > Hello all,
> > >
> > > I was wondering if someone has seen this before. One of our
> > > applications is
> > > apparently displaying info that belongs to someone else. I.e.
> > they sign
> > > in,
> > > see the right info, go to another page and see the sign in
> > details of
> > > someone else.
> > >
> > > Now, the only way I can see this happening is if ColdFusion is
> > playing
> > > up
> > > and getting the session info mixed up.
> > >
> > > Two users say they saw information belonging to another user when
> > > moving
> > > from one page to another. I just find it impossible when I look
> > at the
> > > code!
> > > There is a User CFC, it contains the screen name and user id,
> > but it is
> > > only
> > > populated if the user signs in. Therefore it can only be that
> > > Coldfusion is
> > > playing up. Anyone seen this before, know issue?
> > >
> > > Thanks in advance.
> > >
> >
> >
> >
> >
> >
>
>
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Haikal Saadh 

The aggressive-content-caching proxy is a possible explanation for this.

Maybe try adding No-Cache headers to your responses?

Taco Fleur wrote:
> It's nothing like that. We don't append cftoken to the url.
> The user signs in, sees the correct information, then goes to another 
> page and sees the information from another user they don't know (so 
> they say).
>  
> I have not been able to replicate this myself.
>
>  
> On 8/30/07, *skateboard.com.au * 
> <[EMAIL PROTECTED] > wrote:
>
>
> I had this happen where I was a bit sloppy and left links with cftoken
> url variables in content that was cached/shared.
>
>
>
> -Original Message-
> From: "Taco Fleur" <[EMAIL PROTECTED] >
> To: cfaussie@googlegroups.com 
> Date: Thu, 30 Aug 2007 09:48:16 +1000
> Subject: [cfaussie] ColdFusion sessions playing up? showing info that
> belongs to others? 
>
> > Hello all,
> >
> > I was wondering if someone has seen this before. One of our
> > applications is
> > apparently displaying info that belongs to someone else. I.e.
> they sign
> > in,
> > see the right info, go to another page and see the sign in
> details of
> > someone else.
> >
> > Now, the only way I can see this happening is if ColdFusion is
> playing
> > up
> > and getting the session info mixed up.
> >
> > Two users say they saw information belonging to another user when
> > moving
> > from one page to another. I just find it impossible when I look
> at the
> > code!
> > There is a User CFC, it contains the screen name and user id,
> but it is
> > only
> > populated if the user signs in. Therefore it can only be that
> > Coldfusion is
> > playing up. Anyone seen this before, know issue?
> >
> > Thanks in advance.
> >
>
>
>
>
>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Taco Fleur 
Hi David,

yes, this is something that I will check thanks.


On 8/30/07, David Harris <[EMAIL PROTECTED]> wrote:
>
>
> Hi Taco,
>
> I have seen this before, and often it's a proxy sitting between the CF
> server and the users.
>
> - user one logs in and views a page
> -- the proxy caches it
> - user two logs in and views the same page
> -- the proxy says "I've got this one, don't bother the server, use
> this one"
>
> and then shows the wrong page to user two.
>
> It may not be the case in you situation, but is something to check
> out.
>
> HTH
>
> David
>
> Taco Fleur wrote:
> > Hello all,
> >
> > I was wondering if someone has seen this before. One of our applications
> is
> > apparently displaying info that belongs to someone else. I.e. they sign
> in,
> > see the right info, go to another page and see the sign in details of
> > someone else.
> >
> > Now, the only way I can see this happening is if ColdFusion is playing
> up
> > and getting the session info mixed up.
> >
> > Two users say they saw information belonging to another user when moving
> > from one page to another. I just find it impossible when I look at the
> code!
> > There is a User CFC, it contains the screen name and user id, but it is
> only
> > populated if the user signs in. Therefore it can only be that Coldfusion
> is
> > playing up. Anyone seen this before, know issue?
> >
> > Thanks in advance.
> >
> > --
> > *** http://www.clickfind.com.au
> > The new Australian search engine for businesses, products and services
> > *** http://brisbane-web-design.pacificfox.com.au blog
> > *** Virtual and Dedicated Servers with MS SQL from $250 a month
> > *** Virtual and Dedicated Servers with registered version of ColdFusion
> from
> > $350 a month
> > *** ColdFusion licenses at the lowest price
>
>
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Taco Fleur 
It's nothing like that. We don't append cftoken to the url.
The user signs in, sees the correct information, then goes to another page
and sees the information from another user they don't know (so they say).

I have not been able to replicate this myself.


On 8/30/07, skateboard.com.au <[EMAIL PROTECTED]> wrote:
>
>
> I had this happen where I was a bit sloppy and left links with cftoken
> url variables in content that was cached/shared.
>
>
>
> -Original Message-
> From: "Taco Fleur" <[EMAIL PROTECTED]>
> To: cfaussie@googlegroups.com
> Date: Thu, 30 Aug 2007 09:48:16 +1000
> Subject: [cfaussie] ColdFusion sessions playing up? showing info that
> belongs to others? 
>
> > Hello all,
> >
> > I was wondering if someone has seen this before. One of our
> > applications is
> > apparently displaying info that belongs to someone else. I.e. they sign
> > in,
> > see the right info, go to another page and see the sign in details of
> > someone else.
> >
> > Now, the only way I can see this happening is if ColdFusion is playing
> > up
> > and getting the session info mixed up.
> >
> > Two users say they saw information belonging to another user when
> > moving
> > from one page to another. I just find it impossible when I look at the
> > code!
> > There is a User CFC, it contains the screen name and user id, but it is
> > only
> > populated if the user signs in. Therefore it can only be that
> > Coldfusion is
> > playing up. Anyone seen this before, know issue?
> >
> > Thanks in advance.
> >
> > --
> > *** http://www.clickfind.com.au
> > The new Australian search engine for businesses, products and services
> > *** http://brisbane-web-design.pacificfox.com.au blog
> > *** Virtual and Dedicated Servers with MS SQL from $250 a month
> > *** Virtual and Dedicated Servers with registered version of ColdFusion
> > from
> > $350 a month
> > *** ColdFusion licenses at the lowest price
> >
> > >
>
>
>
> >
>


-- 
*** http://www.clickfind.com.au
The new Australian search engine for businesses, products and services
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion from
$350 a month
*** ColdFusion licenses at the lowest price

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread Adam Chapman 
Hi Taco,

 

I had this happen years ago, the cause was that the two users were using
the same isp that was
heavily caching content.. the solution back then was to ensure that
every url was unique.. and/or
pass session token in the url.

 

Cheers,

Adam

 

 

  _  

From: Taco Fleur [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 30 August 2007 9:48 AM
To: cfaussie@googlegroups.com
Subject: [cfaussie] ColdFusion sessions playing up? showing info that
belongs to others? 

 

Hello all,

 

I was wondering if someone has seen this before. One of our applications
is apparently displaying info that belongs to someone else. I.e. they
sign in, see the right info, go to another page and see the sign in
details of someone else. 

 

Now, the only way I can see this happening is if ColdFusion is playing
up and getting the session info mixed up.

 

Two users say they saw information belonging to another user when moving
from one page to another. I just find it impossible when I look at the
code! There is a User CFC, it contains the screen name and user id, but
it is only populated if the user signs in. Therefore it can only be that
Coldfusion is playing up. Anyone seen this before, know issue? 

 

Thanks in advance.

-- 
*** http://www.clickfind.com.au 
The new Australian search engine for businesses, products and services 
*** http://brisbane-web-design.pacificfox.com.au blog
*** Virtual and Dedicated Servers with MS SQL from $250 a month
*** Virtual and Dedicated Servers with registered version of ColdFusion
from $350 a month
*** ColdFusion licenses at the lowest price 




--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread David Harris 

Hi Taco,

I have seen this before, and often it's a proxy sitting between the CF
server and the users.

- user one logs in and views a page
-- the proxy caches it
- user two logs in and views the same page
-- the proxy says "I've got this one, don't bother the server, use
this one"

and then shows the wrong page to user two.

It may not be the case in you situation, but is something to check
out.

HTH

David

Taco Fleur wrote:
> Hello all,
>
> I was wondering if someone has seen this before. One of our applications is
> apparently displaying info that belongs to someone else. I.e. they sign in,
> see the right info, go to another page and see the sign in details of
> someone else.
>
> Now, the only way I can see this happening is if ColdFusion is playing up
> and getting the session info mixed up.
>
> Two users say they saw information belonging to another user when moving
> from one page to another. I just find it impossible when I look at the code!
> There is a User CFC, it contains the screen name and user id, but it is only
> populated if the user signs in. Therefore it can only be that Coldfusion is
> playing up. Anyone seen this before, know issue?
>
> Thanks in advance.
>
> --
> *** http://www.clickfind.com.au
> The new Australian search engine for businesses, products and services
> *** http://brisbane-web-design.pacificfox.com.au blog
> *** Virtual and Dedicated Servers with MS SQL from $250 a month
> *** Virtual and Dedicated Servers with registered version of ColdFusion from
> $350 a month
> *** ColdFusion licenses at the lowest price


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---

[cfaussie] Re: ColdFusion sessions playing up? showing info that belongs to others? ....

2007-08-29 Thread skateboard.com.au 

I had this happen where I was a bit sloppy and left links with cftoken 
url variables in content that was cached/shared. 



-Original Message-
From: "Taco Fleur" <[EMAIL PROTECTED]>
To: cfaussie@googlegroups.com
Date: Thu, 30 Aug 2007 09:48:16 +1000
Subject: [cfaussie] ColdFusion sessions playing up? showing info that 
belongs to others? 

> Hello all,
> 
> I was wondering if someone has seen this before. One of our
> applications is
> apparently displaying info that belongs to someone else. I.e. they sign
> in,
> see the right info, go to another page and see the sign in details of
> someone else.
> 
> Now, the only way I can see this happening is if ColdFusion is playing
> up
> and getting the session info mixed up.
> 
> Two users say they saw information belonging to another user when
> moving
> from one page to another. I just find it impossible when I look at the
> code!
> There is a User CFC, it contains the screen name and user id, but it is
> only
> populated if the user signs in. Therefore it can only be that
> Coldfusion is
> playing up. Anyone seen this before, know issue?
> 
> Thanks in advance.
> 
> -- 
> *** http://www.clickfind.com.au
> The new Australian search engine for businesses, products and services
> *** http://brisbane-web-design.pacificfox.com.au blog
> *** Virtual and Dedicated Servers with MS SQL from $250 a month
> *** Virtual and Dedicated Servers with registered version of ColdFusion
> from
> $350 a month
> *** ColdFusion licenses at the lowest price
> 
> > 



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~--~~~~--~~--~--~---