still ahve the site work
effectively.
What would be my best solution...
Asad
>Is there a message (comments) in here I am missing??
>
>-Original Message-
>From: Asad Khan [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 24, 2007 10:26 AM
>To: CF-Talk
>Subject: R
still ahve the site work
effectively.
What would be my best solution...
Asad
>Is there a message (comments) in here I am missing??
>
>-Original Message-
>From: Asad Khan [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 24, 2007 10:26 AM
>To: CF-Talk
>Subject: R
On Thursday 24 May 2007, Asad Khan wrote:
> what will this do by setting url.cfid=client.cfid. If I do this and a
url.cfid= *cookie*.cfid would be better.
> client still emails the entire link with these id/token in the URL, will I
> still have the same issue...
No, the ones in the actual URL
Hi Dave:
First of all thank you for your suggestions.
I ahve couple of questions here.
I have one app that is pointing to registry and one pointing to datasource. I
know that data source is the correct way of handling.
I notice the app where the admin is set to datasource, and when i look in
Is there a message (comments) in here I am missing??
-Original Message-
From: Asad Khan [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 24, 2007 10:26 AM
To: CF-Talk
Subject: Re: CFID-CFTOKEN Major Issues. HELP
>> I am having a huge problem right now, I have an application w
>> I am having a huge problem right now, I have an application
>> where I am using CFID/Cftoken as part of URL parameter. They
>> are currently being maintained in the registry.
>
>As an aside, you really don't want to store client data in the registry. Use
>a database instead.
>
>> What is the
> I am having a huge problem right now, I have an application
> where I am using CFID/Cftoken as part of URL parameter. They
> are currently being maintained in the registry.
As an aside, you really don't want to store client data in the registry. Use
a database instead.
> What is the underlyi
How are you handling security now? Session variable?
-Original Message-
From: Asad Khan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 23, 2007 8:27 PM
To: CF-Talk
Subject: CFID-CFTOKEN Major Issues. HELP
I am having a huge problem right now, I have an application where I am usin
> No, providing different data to Google spiders. If being checked by
> another spider from Google ( to check consistency ) and if different.
> Could be taken as trying to scam the system.
I'm not sure you understand exactly what I'm saying. The data on the page is no
different, it's just a mat
>>I've heard that this may cause penalties as far as ranking is concerned.
>
>Huh? Not including the CFID/CFTOKEN?? Why? If anything, it would *help*
>ranking.
>
>--- Mary Jo
No, providing different data to Google spiders. If being checked by another
spider from Google ( to check consistency )
>I've heard that this may cause penalties as far as ranking is concerned.
Huh? Not including the CFID/CFTOKEN?? Why? If anything, it would *help*
ranking.
--- Mary Jo
~|
Introducing the Fusion Authority Quarterly Update. 80 pa
> but to also do a browser check (cgi.http_user_agent)
> and exclude any that have a common search engine string in them. That
> seems to do the trick 95% of the time
I've heard that this may cause penalties as far as ranking is concerned.
~~
Mary Jo,
I like your approach. Nicely done.
..
Ben Nadel
Certified Advanced ColdFusion Developer
www.bennadel.com
-Original Message-
From: Mary Jo Sminkey [mailto:[EMAIL PROTECTED]
Sent: Monday, October 02, 2006 12:48 PM
To: CF-Talk
Subject: Re: CFID & CFT
>There is nothing that requires you to pass CFID CFTOKEN in URL unless
>you are not using cookies or something.
True, but what if you want to support users with cookies either on or off?
My approach is to do a cookie check and add the CFID/CFTOKEN if they are turned
off...but to also do a brow
There is nothing that requires you to pass CFID CFTOKEN in URL unless
you are not using cookies or something. In CFLocation tags they even
have a boolean attribute for this:
How are you doing session management?
..
Ben Nadel
Certified Advanced ColdFusion Developer
www.benn
Paul Smith wrote:
> I'm re-doing a website to use Cookies to maintain state for sessions. I'm
> only setting cookies in the browser. I assume the coding below will delete
> cookies in the visitor's browser when they close it. Not interested at
> this time in setting any cookies on the visito
44 AM
To: CF-Talk
Subject: Re: CFID/CFTOKEN newbie question
Dave,
On 3/3/2004 at 09:43, you wrote:
DW> While you're absolutely right about having to check for the cookie's
DW> existence on a subsequent page, whether CF makes the cookie value
DW> available during the page requ
Dave,
On 3/3/2004 at 09:43, you wrote:
DW> While you're absolutely right about having to check for the
DW> cookie's existence on a subsequent page, whether CF makes the
DW> cookie value available during the page request is dependent on
DW> what version of CF you're using. It does this with CFMX,
John,
On 3/3/2004 at 09:32, you wrote:
BJ> Right, that's what I meant is the addtoken attribute.
Sorry, my mental syntax checker was a little too literal when I read
your comment :)
~ Ubqtous ~
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
that checks to
see if the cookie is still there and make the decision that way. Note
that you can't cfcookie followed by a cflocation in anything before CFMX
6.1.
John Burns
-Original Message-
From: Stephen Hait [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 5:16 PM
To: CF-
, just go
that way. Those are just my thoughts out of frustration for computers
that don't accept cookies. It makes things so much easier.
John Burns
-Original Message-
From: Howie Hamlin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 4:50 PM
To: CF-Talk
Subject: Re: CFID/CF
> >
> >
> > cookies not enabled code here
> >
>
> The cookie isn't actually set until the page request setting the
> cookie completes; however, Cold Fusion makes the cookie value
> available during the page request. This means that the check for the
> cookie value has to occur on a subse
Right, that's what I meant is the addtoken attribute.
John
-Original Message-
From: Ubqtous [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 4:48 PM
To: CF-Talk
Subject: Re: CFID/CFTOKEN newbie question
John,
On 3/2/2004 at 16:41, you wrote:
BJ> And you have the optio
> Stephen,
>
> On 3/2/2004 at 17:15, you wrote:
>
> SH>
> SH>
> SH> cookies not enabled code here
> SH>
>
> The cookie isn't actually set until the page request setting the
> cookie completes; however, Cold Fusion makes the cookie value
> available during the page request. This means
> > > Bah - that's what I thought. So, how do you determine if the
> > > user has cookies or not before you go through the trouble of
> > > adding them to the url?
> >
> >
> >
> > cookies not enabled code here
> >
>
> You can't effectively test for the existence of a cookie on the same
> pag
PROTECTED]
Sent: Wednesday, 3 March 2004 8:31 AM
To: CF-Talk
Subject: Re: CFID/CFTOKEN newbie question
I beleive that the only solution you have is to pass #URLTOKEN# in every
link on the site.
Cheers,
Jeff Garza
Manager, Phoenix CFUG
[EMAIL PROTECTED]
- Original Message -
From
It was introduced in CFMX.
http://www.macromedia.com/support/coldfusion/ts/documents/cfmlhistory.htm
_
From: Matt Robertson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 6:04 PM
To: CF-Talk
Subject: Re: CFID/CFTOKEN newbie question
is URLSessionFormat() for CF6+ only, or
I don¹t see it in the CF5 Reference
BZaccheo
On 3/2/04 3:03 PM, "Matt Robertson" <[EMAIL PROTECTED]> wrote:
> is URLSessionFormat() for CF6+ only, or did it show up in CF5?
>
> --
> ---
> Matt Robertson, [EMAIL PROTECTED]
> MSB Designs, Inc. htt
MX only. When I had to write for both, I wrote a very simple UDF so
that it worked in the code.
Basically, look to see if the contents contain a '?'. If so, append the
CFID and CFTOKEN with ampersands. Else, the first one gets a questionmark.
--Ben Doom
Matt Robertson wrote:
> is URLSessio
is URLSessionFormat() for CF6+ only, or did it show up in CF5?
--
---
Matt Robertson, [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
---
--
[Todays Threads]
[This Message]
[Subscription]
[Fas
Stephen,
On 3/2/2004 at 17:15, you wrote:
SH>
SH>
SH> cookies not enabled code here
SH>
The cookie isn't actually set until the page request setting the
cookie completes; however, Cold Fusion makes the cookie value
available during the page request. This means that the check for the
c
You have to pass around cfid/cftoken in the URL, but I believe that
URLSessionFormat() will take some of the tedium out of it:
http://livedocs.macromedia.com/coldfusion/6/CFML_Reference/functions-pt2113.htm#4471249
Jamie
On Tue, 2 Mar 2004 16:25:11 -0500, in cf-talk you wrote:
>Is there a best p
> > Bah - that's what I thought. So, how do you determine if the user
> > has cookies or not before you go through the trouble of adding them
> > to the url?
>
>
>
> cookies not enabled code here
>
You can't effectively test for the existence of a cookie on the same page in
which you set the
linkRef=document.links[i];<br>
if(linkRef.host==host) {<br>
if(linkRef.search=='') {<br>
linkRef.href="">
}<br>
else {<br>
linkRef.href="">
}<br>
}<br>
}<br>
}<br>
-Original M
;br>
if(linkRef.search=='') {<br>
linkRef.href="">
}<br>
else {<br>
linkRef.href="">
}<br>
}<br>
}<br>
}<br>
-Original Message-
From: Howie Hamlin [mailto:[EMAIL PROTECTED]
Sent: Tue
> Bah - that's what I thought. So, how do you determine if the user
> has cookies or not before you go through the trouble of adding them
> to the url?
cookies not enabled code here
HTH,
Stephen
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
o: CF-Talk
Sent: Tuesday, March 02, 2004 4:48 PM
Subject: Re: CFID/CFTOKEN newbie question
John,
On 3/2/2004 at 16:41, you wrote:
BJ> And you have the option to add the token in cflocations or you can
BJ> just append #urltoken# to the end of the link.
If client management i
Bah - that's what I thought. So, how do you determine if the user has cookies or not before you go through the trouble of adding them to the url?
Thanks,
Howie
- Original Message -
From: Burns, John
To: CF-Talk
Sent: Tuesday, March 02, 2004 4:41 PM
Subject: RE: CFID/CF
John,
On 3/2/2004 at 16:41, you wrote:
BJ> And you have the option to add the token in cflocations or you can
BJ> just append #urltoken# to the end of the link.
If client management is enabled in the application, the cflocation
attribute addtoken="yes" will append CFID/CFTOKEN automatically.
~
And you have the option to add the token in cflocations or you can just
append #urltoken# to the end of the link.
John
-Original Message-
From: Jeff Garza [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 4:31 PM
To: CF-Talk
Subject: Re: CFID/CFTOKEN newbie question
I beleive
I beleive that the only solution you have is to pass #URLTOKEN# in every link on the site.
Cheers,
Jeff Garza
Manager, Phoenix CFUG
[EMAIL PROTECTED]
- Original Message -
From: Howie Hamlin
To: CF-Talk
Sent: Tuesday, March 02, 2004 2:25 PM
Subject: CFID/CFTOKEN newbie questio
t: RE: CFID, CFTOKEN contains invalid characters
> The only thing I could think of is that the CFID/CFTOKEN (which
> are stored as cookies) are holdovers from the previous site. Is
> it possible that the CFTOKEN mechanism changed from CF5 to CFMX
> so that it no longer supports foresla
> The only thing I could think of is that the CFID/CFTOKEN (which
> are stored as cookies) are holdovers from the previous site. Is
> it possible that the CFTOKEN mechanism changed from CF5 to CFMX
> so that it no longer supports foreslashes in the value?
Yes, that's certainly possible. It shou
To follow up on this, we've now figured out that all of the bad requests are
coming from a single source, the WiseNut search engine crawler. So, we can
work towards clearing up the problem but it would still be nice to know
what, exactly, is happening here.
Thanks.
--
Mosh Teitelbaum
evoch, LLC
That login script... is it using a CFLOCATION? Does that CFLOCATION include
an AddToken="Yes" attribute?
That script was originally designed to work in conjunction with cookies... I
didn't actually see the
IsDefined("Cookie.CFTOKEN")
bit in your post... although the rest looks familiar :-)
>Now
I am not sure what you are referring to with XXautotoken. I just use
session.URLToken which works perfectly(which I copy to variable.URLToken in
the application.cfm):
Andy
-Original Message-
From: Jas Panesar [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 06, 2002 8:04 PM
To: CF-Talk
Su
Hi Ryan,
All you need do is run a few lines of code at the top of each page (or even
in the application.cfm) to check and see if the cfid and cftoken values
passed via the url are in fact the same as the session.cfid and
session.cftoken variables.
If different, then relocate to a logout script.
001 16:27
> To: CF-Talk
> Subject: Re: CFID & CFTOKEN
>
>
> It really is not much of a security issue, with CF using both
> the CFTOKEN &
> CFID it would be a far fetched occurence that someone can
> guess the right
> sequence of numbers to use. If it were possibl
From: "tom muck" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, November 14, 2001 8:02 AM
Subject: Re: CFID & CFTOKEN
> You can put some code in your Application.cfm to automatically log out a
> user if they close a browse
Ryan,
> I have two questions that are slightly related:
>
> 1) I have an application with lots of different user profiles.
> If I log in as one user, and a colleague logs in as another user and
> changes his CFID and CFTOKEN to be the same as mine (for testing
> purposes), he is instantly given
You can put some code in your Application.cfm to automatically log out a
user if they close a browser:
tom
www.basic-ultradev.com
> 2) Does anyone know any JavaScript that will stop a user from clicking
> the Close button on their browser, and bring up an alert telling them
> the
> 1) I have an application with lots of different user profiles.
> If I log in as one user, and a colleague logs in as another
> user and changes his CFID and CFTOKEN to be the same as mine
> (for testing purposes), he is instantly given full access to
> my session. Is there any way I can stop
thanks for the info, but i still have one question..
when a user goes to another cf server with a cfid/token from the first
server... does the new server make a new cfid/cftoken or does it use the
one from the other server? If it does make a new one, does that overwrite
the first one?
thanks
K
Ken,
The cfid is incremented by one per user for that particular server.
The cftoken is a radomly generated number. By putting the two together you
get a unique id that in theory is unique to each individual user, but I
would not suggest trying to use that in a multiserver enviroment. I
if, by chance, this is happening as a result of using CFLOCATION, set
ADDTOKEN=NO.
-Original Message-
From: Steve Martin [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 26, 2001 8:52 AM
To: CF-Talk
Subject: RE: CFID / CFToken
The CFID and CFTOKEN are NOT automatically appended to the
The CFID and CFTOKEN are NOT automatically appended to the URL when a page
is served.
I guess you really want to find out how to stop CFID & CFTOKEN being passed
to the browser as cookies as that is how they are passed by default.
Firstly, make sure SETCLIENTCOOKIES is set to NO in your CFAPPLICAT
anks!
> -Original Message-
> From: Aidan Whitehall [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 08, 2000 1:13 PM
> To: CF-Talk
> Subject: RE: CFID-CFTOKEN Confusion (newbie)
>
>
> > is it possible that two (or more) users have the same
> > cfid
: Scott Wolf [mailto:[EMAIL PROTECTED]]
Sent: 09 November 2000 13:58
To: CF-Talk
Subject: RE: CFID-CFTOKEN Confusion (newbie)
I have my own question that's somewhat related to this
thread. Is there any way that I can save the CFID and
CFTOKEN into a database? Please let me know. Thanks
in ad
ECTED]]
Sent: Wednesday, November 08, 2000 1:13 PM
To: CF-Talk
Subject: RE: CFID-CFTOKEN Confusion (newbie)
> is it possible that two (or more) users have the same cfid&cftoken ?
>
> Wich is the best way to identify a (unique) user session ?
No. It's safe to assume that ever
> is it possible that two (or more) users have the same cfid&cftoken ?
>
> Wich is the best way to identify a (unique) user session ?
No. It's safe to assume that every user is assigned (and subsequently
returns) a unique CFID and CFTOKEN combination.
In fact, if you use session variables, Cold
make your form action look like this...
FOR Session Variables:
action="index.cfm?#session.urltoken#"
FOR Client Variables
action="index.cfm?#urltoken#"
- Original Message -
From: "Chris Farrugia" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 27, 2000 5:47 PM
Subject: CFID
Ron,
CFID/CFTOKEN variables get created when/if you enable session or client variables in
your application (aka session management). You would do this by using the
CAPPLICATION tag, usually in application.cfm. These vars uniquely identify the
user/session and need to be passed around with e
> How would you create a randomly generated alpha-numeric ( non
> duplicated) user_id / access code using SQL7 server syntax.
Well, this isn't SQL server syntax, but I often use a varchar (35) field in
the table and populate it with the result of the CF function #creatuuid()#.
This creates a "Un
Thanks, Stephen!
best, paul
At 03:34 PM 3/28/2000 +0100, you wrote:
> >
> >
> > Where is that? I have timeout set to 20 minutes.
> > But that doesn't delete the registry entry.
> >
>
>If you look on the same variables page you'll see the setting for storage of
>client variables.
>You should a
>
>
> Where is that? I have timeout set to 20 minutes.
> But that doesn't delete the registry entry.
>
If you look on the same variables page you'll see the setting for storage of
client variables.
You should already have an entry for the Registry.
Click on this and you'll get a page that allows
>From: Pete Freitag [mailto:[EMAIL PROTECTED]]
>Sent: Monday, March 27, 2000 11:55 PM
>To: [EMAIL PROTECTED]
>Subject: RE: CFID/CFTOKEN
>
>
>have you tried
>
>_
>Pete Freitag
>CFDEV.COM
>Cold Fusion Developer Resou
In the CF Admin section, you can "reap" the CFID/CFTOKENS after a select
number of days.
-Original Message-
From: Pete Freitag [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 27, 2000 11:55 PM
To: [EMAIL PROTECTED]
Subject: RE: CFID/CFTOKEN
have
have you tried
_
Pete Freitag
CFDEV.COM
Cold Fusion Developer Resources
http://www.cfdev.com/
-Original Message-
From: paul smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 27, 2000 10:05 PM
To: [EMAIL PROTECTED]
Subject: CFID/CFTOKEN
68 matches
Mail list logo