Using code to manage CFID and CFTOKEN is *not* rolling your own. What they've done sounds like your basic cluster f**k. ;-) If they had implemented a true "roll your own" solution there would not be any CFID or CFTOKEN in use and you wouldn't be having the problems you're having. Of course I'm also assuming that the "roll your own" solution isn't a screw up in itself. Bad code is bad code... it's just that simple.
As for using CFID/CFTOKEN on numerous sites with no problems... more power to you. My experience (and the experiences of others, some even on this list) has been different. And it seems like the same misfortune has possibly just caught up with you. ;-) Picking a (small) random number is not exactly the method I would be using to set unique cookies. It's a simple matter of odds. If you're picking a random number between 1 and 1000... your chances of picking that same number again are 1 in 1000. Now, if you assign that number to a person and store it in a database, and do so with everyone else... pretty soon you start to pick the same numbers that are already in use... and you start to do it more and more frequently. The same principle applies to CFID/CFTOKEN.... the only difference is that it's a slightly bigger number. Once you store half a million records... you're going to start picking the same "random" numbers just by chance. Don't do anything about it... and the problem will get worse. -Novak ----- Original Message ----- From: "John Paul Ashenfelter" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, June 25, 2003 5:02 AM Subject: Re: Client variable problem -- duplicates in CDATA > > Yet another reason why I hate to use CFID and CFTOKEN. Roll your own is > the > > way to go... > > Actually, rolling their own is what caused this problem. I've used CF's > client variables (and session of course, which are also hooked into the > CFID/CFTOKEN) on numerous sites with no issues. These guys wrote code that > manages the CFID/CFTOKEN variables themselves -- so both the code and CF are > adjusting things. > > > The recommendation to use UUIDs is probably your best bet. How long will > it > > take to modify your code? > > Wish I knew -- not my code. 30,000 lines to sweep for any issues with state > management -- and they didn't even use consistent variables names. Looking > for bandaid maintenance while the new (2 month) redesign is in process. Easy > enough to test using UUIDs I guess. > > > Another solution is to manually clean out the CDATA and CGLOBAL tables. > My > > guess is you have a bunch of old records in there where people haven't > come > > back in AGES. Remember, CF has been known to not properly clean up the > > CDATA and CGLOBAL tables even though the CFAdmin settings are in there. > > You'll be able to quickly determine this by looking at your database > tables > > (please tell me you ARE using database tables right?) > > Like I said in the post -- MS-SQL, ODBC client store. Cleaned out the > database about a month ago -- so the 400k clients are all in the past month. > Of course I don't think they are all really clients since the CDATA table > has about 6x the rows of CGLOBAL. I'm trying the MM hotfix for making > ODBC-based client stores purge properly, but I think that a scheduled job in > MSSQL is going to have to be the solution. > > > -Novak > > > Regards, > > John Paul Ashenfelter > CTO/TransitionPoint > > > ----- Original Message ----- > > From: "John Paul Ashenfelter" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, June 24, 2003 1:17 PM > > Subject: Client variable problem -- duplicates in CDATA > > > > > > > Hi folks, > > > > > > Working with a client on an existing website -- we're getting this > error: > > > > > > "Cannot insert duplicate key row in object 'CDATA' with unique index > > 'id1'" > > > > > > We're using ColdFusion 5, MS-SQL 2000, Win2k server, Apache 1.3.24 web > > server. Client variables are being stored in an ODBC database. > > > > > > Of course it's straightforward to remove the offending row, but it's > > happening about once a week now to random visitors (that is, one or maybe > > two errors per week). Any thoughts? Googling turned up 2 not too useful > > hits. No luck in MM technotes so far, other than the suggestion to go to > > UUID-based keys, which would require reworking parts of the application. > > > > > > We've got about 400,000+ client ids/month, which seems really high to me > > based on site traffic, so I think somethings going on with the weird > > session/client/cookie "security" management code written by the original > > developers. Using Pro, not Enterprise so MIB client variables shouldn't be > > an issue. Any other thoughts? > > > > > > > > > Regards, > > > > > > John Paul Ashenfelter > > > CTO/Transitionpoint > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
