----- Original Message ----- 
From: "Bryan Love" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 3:18 PM
Subject: RE: Client variables and SSL problem


> As you know, client variables are keyed off of cfid and cftoken which MUST
> be passed via cookie or url in order to maintain state.  What you might not
> know is that client variables are also keyed off of the application name (as
> specified in <cfapplication...>).  Make sure the application name is the
> same for the http site and the https site and perhaps that will fix it.
>

Another good suggestion, but no dice. Double-checked the database (client
variables are stored in MSSQL via ODBC) and only one application name. I
*did* notice that many users have multiple clientId values (I searched
through the CDATA.data field for usernames to find dupes). These map fairly
well to http vs https logins and I validated the same thing from a test
server -- I can watch the cfid change when I log in http and log in https from
the same browser on the same machine.

So I'm rewriting the security system now :)

Regards,

John Paul Ashenfelter
CTO/TransitionPoint

