Hi!
Sorry for my late answer, I couldn't find the time to pursue this any earlier..
Paul Hastings wrote:
> not really good w/cflogin & you're not showing all your code but i
> always add <cfprocessingdirective pageencoding="utf-8"> to any
> unicode pages as well as <cfset setEncoding("form","utf-8")>, etc for
> form & url vars.
We use the correct page encoding and set a BOM, but I also tried
cfprocessingdirective in addition to everything else, but that didn't work
either. As this is cflogin with HTTP Basic Auth, form variables are not an
issue here.
> what do you see if you dump out the form vars? what happens if you
> stay w/utf-8 & use another password (like 'xxxx' or something)?
As I said, there are no form variables as there is no form. When the password
just contains plain ASCII chars, authentication works fine.
What's more puzzling: The issue seems to be somehow browser related; using
Opera 9.62, I can login successfully even when I use a password with non-ASCII
chars, but all the other browsers I have tested (i.e. Safari 3.1.2 for Windows,
Internet Explorer 7 and Firefox 3.0.4 for Windows, Safari 3.1 for Mac OS,
Camino 1.5.1Int for Mac and Mozilla 2.0.0.12 for Mac) fail.
Here's a full standalone example which reproduces this error on my servers:
<!--- start of index.cfm --->
<cfsilent>
<cfprocessingdirective pageencoding="UTF-8">
<cfscript>
variables.strLogin='foo';
variables.strPassword='fürth';
variables.strRealm='Login für diese Seite';
REQUEST.userAuthenticated = false;
</cfscript>
</cfsilent>
<cflogin>
<cfif isDefined('CFLOGIN')>
<cfif CFLOGIN.name eq variables.strLogin and CFLOGIN.password
eq variables.strPassword>
<cfset REQUEST.userAuthenticated = true>
</cfif>
</cfif>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<title>CF-Login-Test</title>
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
</head>
<body>
<cfif NOT REQUEST.userAuthenticated>
<cfheader statuscode="401">
<cfheader name="WWW-Authenticate" value="Basic
realm=""#variables.strRealm#""">
Login not successful.
<cfelse>
Login successful.
</cfif>
</body>
</html>
</cflogin>
<!--- /end of index.cfm --->
The page is saved in Unicode (UTF-8) with BOM im DreamWeaver. When I call this
page, I cannot log in. When I change variables.strPassword to something that
only contains ASCII chars (no Umlauts, special chars), I can login.
We're running ColdFusion 8,0,1,195765 Enterprise 64-bit standalone server
install, Webserver is Debian's Apache 2.2.3-4+etch6. When I cancel
authorisation, I get the following response header with Firefox on Windows:
------------
Date: Mon, 17 Nov 2008 12:43:38 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-9~computec+2 proxy_html/2.5
mod_ssl/2.2.3 OpenSSL/0.9.8c JRun/4.0
Set-Cookie: CFAUTHORIZATION_=;expires=Sat, 17-Nov-2007 12:43:38 GMT;path=/
WWW-Authenticate: Basic realm="Login für diese Seite"
Content-Language: de-DE
Cache-Control: max-age=0
Expires: Mon, 17 Nov 2008 12:43:38 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
401 Unauthorized
------------
If i use a plain ascii password and login successfully, I get the following
response header:
------------
Date: Mon, 17 Nov 2008 12:45:03 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-9~computec+2 proxy_html/2.5
mod_ssl/2.2.3 OpenSSL/0.9.8c JRun/4.0
Set-Cookie: CFAUTHORIZATION_=;expires=Sat, 17-Nov-2007 12:45:03 GMT;path=/
Content-Language: de-DE
Cache-Control: max-age=0
Expires: Mon, 17 Nov 2008 12:45:03 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
200 OK
------------
Any ideas on this?
Kind regards
Markus
Computec Media AG
Sitz der Gesellschaft und Registergericht: Fürth (HRB 8818)
Vorstandsmitglieder: Johannes S. Gözalan (Vorsitzender) und Rainer Rosenbusch
Vorsitzender des Aufsichtsrates: Jürg Marquard
Umsatzsteuer-Identifikationsnummer: DE 812 575 276
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315357
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
