> The remote file of a XMLHttp request (Spry) among other
> things is trying to set two sessions.variables.
>
> I have been told that if the remote file doesn't know the
> session CFID & CFTOKEN the new session variables wil not be
> recognized, and to avoid that I should use URLSessionFormat.
If you've set session identifier cookies (CFID/CFTOKEN or JSESSIONID,
depending on your configuration), your XmlHTTPRequest (AJAX) calls should
send those cookies as well. You shouldn't have to set session tokens in your
URLs unless you're not using cookies.
> Now, my original Spry request look like this:
>
> var request_URL
> ="/petitions/client/remote/authenticate.cfm?username="+uName+"
&password="+uPass;
> Spry.Utils.loadURL("GET", request_URL, false, authBack);
>
> which returns values as expected but does not set the session
> variables, so I combine it with URLSessionFormat, like this:
>
> var request_URL =
> '#URLSessionFormat("/petitions/client/remote/authenticate.cfm?
> username='+uName+'&password='+uPass+'")#';
>
> The variable "request_URL" will render:
> "/petitions/client/remote/authenticate.cfm;jsessionid=7e301d2f
> 98475b4d5f10?username="+uName+"&password="+uPass&CFID=300>
> &CFTOKEN=11985066"
>
> which causes Spry to catch an exception while loading the url
> and the request fails altogether.
>
> Please note the " ; " semicolumn sign between the filename
> "authenticate.cfm" and "jsessionid=" which is not like
> CF7.1 example
> "myactionpage.cfm?jsessionid=xxxx;cfid=xxxx&cftoken=xxxxxxxx"
> found in livedocs.
>
> Is either my code, macromedia example, or both wrong?
> Or maybe it needs some tweaking and fixing to replace the
> semicolumn and put the question mark in the right place?
This is kind of odd. The JSESSION token, according to the J2EE standards I
believe, is set not as a regular URL parameter but with the semicolon syntax
you've mentioned. This is how it's supposed to be set, so presumably that's
how URLSessionFormat sets it. However, only requests processed by a J2EE
server will know what to do with this. Now, if Spry can't handle this, and
you have to send JSESSIONID in the URL, I would argue that it's a bug in
Spry, but I don't think you'll be able to deal with this other than by
parsing the URL and rewriting it before Spry gets it.
But, as mentioned above, you shouldn't have to set this unless you are
setting it within every URL in your application. If you're using cookies to
track sessions, those cookies will be sent by AJAX requests just like they
would with any other request.
Finally, you should either be using CFID/CFTOKEN or JSESSIONID, not both. If
you have J2EE session management enabled within the CF Administrator, you
should be using JSESSIONID. Otherwise, you should be using CFID/CFTOKEN.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four
times a year.
http://www.fusionauthority.com/quarterly
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:257668
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
