RE: "Session Swapping" incident - proxy servers

2002-02-01 Thread Chris Bohill
all the links in the site. There were quite a few but we have not had a session swapping incident since. HTH, Chris. -Original Message- From: Dimo Michailov [mailto:[EMAIL PROTECTED]] Sent: 31 January 2002 21:43 To: CF-Talk Subject: Re: Session Swapping" incident Chris: I just

RE: Session Swapping" incident

2002-01-31 Thread Andy Parry
Hi, Yes we had all kinds of problems. Once we ditched client variables and cookies, moved to using (locked) session variables only (URL token passing) the problems went away. We were sure that some proxies were not permitting the creation of unique sessions. Don't really know the reason why, but i

Re: Session Swapping" incident

2002-01-31 Thread Dimo Michailov
the problem users below. > > Has anyone else had bad experiences with proxies/firewalls and session > variables swapping? > > Thanks again > > Chris. > > -Original Message- > From: Chris Bohill > Sent: 28 January 2002 15:04 > To: CF-Talk > S

RE: Session Swapping" incident

2002-01-29 Thread Chris Bohill
? Thanks again Chris. -Original Message- From: Chris Bohill Sent: 28 January 2002 15:04 To: CF-Talk Subject: Session Swapping" incident We are developing an web based application, and have recently been experiencing a number of "Session swapping" incidents. On two occasi

RE: Session Swapping" incident

2002-01-28 Thread Neil Clark
ahh! :-) __ Get Your Own Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionb FAQ: http://www.th

RE: Session Swapping" incident

2002-01-28 Thread Jeffry Houser
I was either unclear or you misunderstood what I originally intended. I meant that if there are only two session variables it may be overkill to copy them into variables scope to avoid locking within the page. At 04:31 PM 01/28/2002 +, you wrote: >Doh > >"Repeat after me - if I _type_

RE: Session Swapping" incident

2002-01-28 Thread Andre Turrettini
o try something like this to ensure that the tracking info cant be messed with. DRE -Original Message- From: Jeffry Houser [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:29 AM To: CF-Talk Subject: RE: Session Swapping" incident The obvious answer is Lock, althou

RE: Session Swapping" incident

2002-01-28 Thread Neil Clark
Doh "Repeat after me - if I _type_ session, application, or server, I should type lock." You suggested that it may be overkill to lock - he's saying it should always be the case... N __ Why Share? Dedicated Win 2000 Server ·

RE: Session Swapping" incident

2002-01-28 Thread Jeffry Houser
The obvious answer is Lock, although if it's something different I'm lost. Was the following message hit by the line monster? The original poster specified that he was locking, and based on his description he was locking properly. At 04:21 PM 01/28/2002 +, you wrote: >in the words of o

RE: Session Swapping" incident

2002-01-28 Thread Neil Clark
in the words of our immortal Jedi Master on another list.. "Repeat after me - if I _type_ session, application, or server, I should __ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Ac

Re: Session Swapping" incident

2002-01-28 Thread Jeffry Houser
At 03:04 PM 01/28/2002 +, you wrote: >We have locked all session variables and only refer to them as local >variables on pages that need them. see below: > > > > > I see nothing wrong there, although if there are only two session variables, it is probably overkill. Just use cflock when yo

RE: Session Swapping" incident

2002-01-28 Thread Herbener, Martin - School Information Technology
is reason I always use client > variables > > -Original Message- > From: Chris Bohill [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:04 > To: CF-Talk > Subject: Session Swapping" incident > > > We are developing an web based application, and

RE: Session Swapping" incident

2002-01-28 Thread Andy Ewings
:[EMAIL PROTECTED]] Sent: 28 January 2002 15:04 To: CF-Talk Subject: Session Swapping" incident We are developing an web based application, and have recently been experiencing a number of "Session swapping" incidents. On two occasions a user has been navigating the system, only to

RE: Session Swapping" incident

2002-01-28 Thread Chris Bohill
No, the application is only stored on one server. -Original Message- From: Carlisle, Eric [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 15:20 To: CF-Talk Subject: RE: Session Swapping" incident Is the application running in a clustered environment? Session variables aren&#

RE: Session Swapping" incident

2002-01-28 Thread Carlisle, Eric
Is the application running in a clustered environment? Session variables aren't well suited for that. EC -Original Message- From: Chris Bohill [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:04 AM To: CF-Talk Subject: Session Swapping" incident We are

Session Swapping" incident

2002-01-28 Thread Chris Bohill
We are developing an web based application, and have recently been experiencing a number of "Session swapping" incidents. On two occasions a user has been navigating the system, only to "Swap" sessions with another user, who (we are not 100% sure) may also be viewing the site at the same time.