RE: [ACFUG Discuss] Destroy An Object
Thanks Cameron and Dean. The structDelete was what I was looking for! But Cameron, you made me think of another question when you mentioned calling init() on your user object. When do you create it? At the start of a session? Thanks again, Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cameron Childress Sent: Wednesday, July 02, 2008 6:44 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Destroy An Object On Wed, Jul 2, 2008 at 6:20 PM, Clarke Bishop [EMAIL PROTECTED] wrote: I have a user object that's stored in the session scope when a user logs in. When the session expires, the object gets garbage collected, right? It's marked for GC, and eventually gets collected. Effectively as far as the app's concerned it's gone immediately. But, if I want to destroy the object, how do I do that? Maybe this is not something that's needed often as I couldn't find an answer via the docs or Google. A few options... To delete just that one item: cfset structDelete(session,'myUserObject') / However, I usually have a isLoggedIn property on the user object (with a default value of false) and do this: cfset session.myUserObject = createObject('component','path.to.User').init() / That way the user object still exists, but in recreating it you are resetting all the props to their default values, with the significant one here being isLoggedIn = false. -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: [EMAIL PROTECTED] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Destroy An Object
On Thu, Jul 3, 2008 at 7:52 AM, Clarke Bishop [EMAIL PROTECTED] wrote: But Cameron, you made me think of another question when you mentioned calling init() on your user object. When do you create it? At the start of a session? It depends on the site's requirements to scale. On an internal site like an intranet I sometimes will create a new user object in the onSessionStart() in the Application CFC. This allows me to init() the user and know (for example) that the session.user.firstname property will always be present. This tends to prevent alot of time development time spent worrying about isDefined() or structKeyExists() calls. For a public site that gets more traffic like search engines, which spawn new sessions with each request, I usually use a Session Facade to keep my user's session and only init the object and put it in session when a user logs in. If they are unauthenticated, the facade might still genrate a Anonymous Visitor user object on the fly, or give me one that's stored in the application scope. That's really part of the beauty of the Session Facade pattern. The facade gives me an object for that user's session, but it might or might not come from the actual session scope. All the complexity is masked inside the Session Facade and all I care about outside the Session Facade is hey you there - give me a user object for the current request!, and it gives me one. My app doesn't care where it came from, just that it's there. Also, if anyone reading this is wondering, init() isn't some magic unknown thing in CF, it's just a method I always create (by convention) as a constructor in all my CFCs. I know that (according to my convention) that I should always call init() when I create an object instance, and that by calling that init() I know that all the properties inside the object will be set to their defaults. Would this stuff be a worthwhile topic for a meeting? Patterns? -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: [EMAIL PROTECTED] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Problem serving xls file on CF8
Your 100% certain that the the owner of the excel files is the same as the user that apache/CF is running under? that was my first thought... On Wed, Jul 2, 2008 at 9:17 AM, [EMAIL PROTECTED] wrote: I've got an application that's been running for years on CF6 and a year on CF7 is choking in a weird way on CF8. The problem is with Excel spreadsheets that are copied into a directory that's 4 levels down from the web root are giving a 500 Internal Server Error. The same file copied one level up is accessible, but then crashes both IE and Firefox. These are real Excel files that are copied through the file system, not by code. This is on a solaris/apache box. I've verified that directory/file permissions are the same as they were previously when it worked. Is there something I should be looking for in the CF admin? -- Andy Fox Systems Analyst III Georgia Tech OIT-EIS - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Problem serving xls file on CF8
On Thu, Jul 3, 2008 at 9:41 AM, Steven Ross [EMAIL PROTECTED] wrote: Your 100% certain that the the owner of the excel files is the same as the user that apache/CF is running under? Yup - mine too... The file permissions may be the same, but what about CF's user? CF8 might be running as a different user than CF7 previously ran as. -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: [EMAIL PROTECTED] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Problem serving xls file on CF8
You probably know this already but, for anyone else out there that may find this useful. ps -ex | grep 'cfusion' (i think on solaris, use -ef on mac/linux) -Steven On Thu, Jul 3, 2008 at 9:48 AM, Cameron Childress [EMAIL PROTECTED] wrote: On Thu, Jul 3, 2008 at 9:41 AM, Steven Ross [EMAIL PROTECTED] wrote: Your 100% certain that the the owner of the excel files is the same as the user that apache/CF is running under? Yup - mine too... The file permissions may be the same, but what about CF's user? CF8 might be running as a different user than CF7 previously ran as. -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: [EMAIL PROTECTED] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows.But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other).Executing the browser twice keeps separate sessions.But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that.And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit. -Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon [EMAIL PROTECTED] wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows.But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other).Executing the browser twice keeps separate sessions.But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that. And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
Actually, that has nothing to do with it Steve, the issue is not one of state at all. The problem is one of process isolation assuming we're referring to session cookies which are only retained in memory. IE supports a different process per browser window, Firefox does not. For cookies which are placed on disk, they are shared amongst all browser instances, even when they have separate memory footprints. Cookieless sessions are a security flaw, due to the ease of compromise of the session token from the query string either on the user's system or via web server logs and even referer logs. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] [T]he people can always be brought to the bidding of the leaders. This is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country. --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials On Jul 3, 2008, at 12:32 PM, Steven Ross wrote: What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit. -Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon [EMAIL PROTECTED] wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows.But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other).Executing the browser twice keeps separate sessions. But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that.And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
Well..maybe, maybe not... Just for theoretical sake...you COULD make this work - would it be worth the trouble, that really depends on how many users do what was described below. But, you COULD get creative... Something like this. Let's say that there's a portal page to your application...you could actually force a new cfid and cftoken on that page and ALSO, you'd have to make sure it wasn't a temporary cookie. You'd have to make it a persistent cookie so that it wasn't in the browsers memory (otherwise they'd collide). Then, each tab would basically have it's own cfid/cftoken pair that would be unique to those browser sessions and you could have the user running two different sessions at a time. If you're not familiar with how the cookie is handled for the cf session, you'll definitely want to do some reading on that. Now, I will say with that with this approach, you may run into some weird things that you had not thought about before...but in theory, it's possible. Allen From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Ross Sent: Thursday, July 03, 2008 12:33 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit. -Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows.But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other).Executing the browser twice keeps separate sessions.But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that.And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLinkhttp://www.fusionlink.com - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLinkhttp://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
Allen, Sorry, but you are wrong here. You cannot do that. If the cookie is on disk, it is shared across all browser instances. Session cookies (non-persistent) may work if you can guarantee separate browser instances, which you can't do with tabs. I'd suggest some reading on the basics of the HTTP protocols for further info. The HTTP book from O'Reilly is good. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] [T]he people can always be brought to the bidding of the leaders. This is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country. --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials On Jul 3, 2008, at 12:44 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Well..maybe, maybe not... Just for theoretical sake...you COULD make this work - would it be worth the trouble, that really depends on how many users do what was described below. But, you COULD get creative... Something like this. Let's say that there's a portal page to your application...you could actually force a new cfid and cftoken on that page and ALSO, you'd have to make sure it wasn't a temporary cookie. You'd have to make it a persistent cookie so that it wasn't in the browsers memory (otherwise they'd collide). Then, each tab would basically have it's own cfid/cftoken pair that would be unique to those browser sessions and you could have the user running two different sessions at a time. If you're not familiar with how the cookie is handled for the cf session, you'll definitely want to do some reading on that. Now, I will say with that with this approach, you may run into some weird things that you had not thought about before...but in theory, it's possible. Allen From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Ross Sent: Thursday, July 03, 2008 12:33 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit. -Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon [EMAIL PROTECTED] wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows.But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other).Executing the browser twice keeps separate sessions. But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that.And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/
Re: [ACFUG Discuss] Problem serving xls file on CF8
The files aren't owned by the user that the CF server is running as, but they are in the same group and that group has both read and execute permissions on the files/directories in question. This is the same arrangement we had with CF7 as well. I just tried opening a copy of one of the spreadsheets that IS owned by the user the server is running as - same result: error in 4th level dir, open in 3rd, but browser flakes out. - Original Message - From: Steven Ross [EMAIL PROTECTED] To: discussion@acfug.org Sent: Thursday, July 3, 2008 10:03:41 AM (GMT-0500) Auto-Detected Subject: Re: [ACFUG Discuss] Problem serving xls file on CF8 You probably know this already but, for anyone else out there that may find this useful. ps -ex | grep 'cfusion' (i think on solaris, use -ef on mac/linux) -Steven On Thu, Jul 3, 2008 at 9:48 AM, Cameron Childress [EMAIL PROTECTED] wrote: On Thu, Jul 3, 2008 at 9:41 AM, Steven Ross [EMAIL PROTECTED] wrote: Your 100% certain that the the owner of the excel files is the same as the user that apache/CF is running under? Yup - mine too... The file permissions may be the same, but what about CF's user? CF8 might be running as a different user than CF7 previously ran as. -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: [EMAIL PROTECTED] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -- Andy Fox Systems Analyst III Georgia Tech OIT-EIS 404-894-4413 - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
I'll take your word for it... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Thursday, July 03, 2008 12:50 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers Allen, Sorry, but you are wrong here. You cannot do that. If the cookie is on disk, it is shared across all browser instances. Session cookies (non-persistent) may work if you can guarantee separate browser instances, which you can't do with tabs. I'd suggest some reading on the basics of the HTTP protocols for further info. The HTTP book from O'Reilly is good. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] [T]he people can always be brought to the bidding of the leaders. This is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country. --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials On Jul 3, 2008, at 12:44 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Well..maybe, maybe not... Just for theoretical sake...you COULD make this work - would it be worth the trouble, that really depends on how many users do what was described below. But, you COULD get creative... Something like this. Let's say that there's a portal page to your application...you could actually force a new cfid and cftoken on that page and ALSO, you'd have to make sure it wasn't a temporary cookie. You'd have to make it a persistent cookie so that it wasn't in the browsers memory (otherwise they'd collide). Then, each tab would basically have it's own cfid/cftoken pair that would be unique to those browser sessions and you could have the user running two different sessions at a time. If you're not familiar with how the cookie is handled for the cf session, you'll definitely want to do some reading on that. Now, I will say with that with this approach, you may run into some weird things that you had not thought about before...but in theory, it's possible. Allen From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Ross Sent: Thursday, July 03, 2008 12:33 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit. -Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon [EMAIL PROTECTED] wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows.But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other).Executing the browser twice keeps separate sessions. But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that.And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers
On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon [EMAIL PROTECTED] wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? Short answer - no. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows. This is a pretty common user behavior, and I (as a user) would expect any site to handle this gracefully. I guess one way around this is cookieless sessions I don't think this will do anything to solve your problem. Or is there a good way to tell if the user does have 2 windows open with the same session? Not really. Why don't you attack this a different way? Since I think the whole open in two tabs behavior is pretty normal, I don't think you should try to mess with the user's experience by trying to prevent it. What specifically does your app do that's bad when two tabs are open? I suspect changing the app's architecture to gracefully deal with two open tabs will be easier, and will make for a more positive user experience at the same time. Frankly, if I tried to a open a site in a second tab and it prevented me from opening the tab or reset my session, I'd think it was a poorly designed site and be grumpy. -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: [EMAIL PROTECTED] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -