RE: What sets the domain in default CFID cookies?

Thu, 18 Nov 2004 06:23:46 -0800 

Hi
If that cflocation is changing your user's host name then I'd suggest changing 
the cflocation, probably by removing the relative path stuff and using either a 
path that starts with "/" (without http), or, to be double-sure, putting the 
whole url there (http://#CGI.HTTP_HOST#/blah/blah).  (This assumes that the 
host name is correct on the page where the cflocation is.  If it's already 
changed by then then this won't work.)

I do suggest checking your logs to be really sure that the host name switch is 
not happening earlier, maybe though a stray link or something on your site. 

        Mark

-----Original Message-----
From: Nick Cabell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 17, 2004 8:32 PM
To: CF-Talk
Subject: Re: What sets the domain in default CFID cookies?


Mark,

Thanks for your patience. I really want to figure this out.

OK, I can see that requests contain different host names (e.g. myhost.net, 
www.myhost.com, etc). The problem is that when I do a redirect via cflocation, 
a different host name than what they started with will get stored as the 
session token, and thus the session confusion. 

For example, on the home page a session token is set, then in my 
application.cfm they are redirected to the login page if they request a secure 
page, using something like this:

<cflocation 
URL="../login.cfm?requestedpage=#urlEncodedFormat(CGI.script_name)#&requestedquerystring=#urlEncodedFormat(CGI.query_string)#">

The resulting URL is set to contain a domain name that might well differ from 
the original request. 

How do others deal with this problem of multiple domain names creating 
different session tokens?

nick

> Configure your web server to log the host name of each request and 
> check it out... if you see it changing then you can use the referrer 
> (which you should also log) and find the link that is changing the 
> host name.
> 
> As for the domain value for cookies, it comes from the current host 
> name.
> 
>       Mark



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net
http://www.cfhosting.net

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:184730
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to