Since it appears to work in one browser but not in others, I'd try
troubleshooting by switching from basic auth to using a form so you
can capture what was sent by the browser and save it to a file. See if
what is being saved out differs between Opera and Firefox. If it is,
then the issue would seem to be a client-side setting. If it isn't,
then I'm guessing that it has to do with the http auth part of your
equation.
Judah
On Mon, Nov 17, 2008 at 4:54 AM, Markus Wollny
<[EMAIL PROTECTED]> wrote:
> Hi!
>
> Sorry for my late answer, I couldn't find the time to pursue this any
> earlier..
>
> Paul Hastings wrote:
>> not really good w/cflogin & you're not showing all your code but i
>> always add <cfprocessingdirective pageencoding="utf-8"> to any
>> unicode pages as well as <cfset setEncoding("form","utf-8")>, etc for
>> form & url vars.
>
> We use the correct page encoding and set a BOM, but I also tried
> cfprocessingdirective in addition to everything else, but that didn't work
> either. As this is cflogin with HTTP Basic Auth, form variables are not an
> issue here.
>
>> what do you see if you dump out the form vars? what happens if you
>> stay w/utf-8 & use another password (like 'xxxx' or something)?
>
> As I said, there are no form variables as there is no form. When the password
> just contains plain ASCII chars, authentication works fine.
>
> What's more puzzling: The issue seems to be somehow browser related; using
> Opera 9.62, I can login successfully even when I use a password with
> non-ASCII chars, but all the other browsers I have tested (i.e. Safari 3.1.2
> for Windows, Internet Explorer 7 and Firefox 3.0.4 for Windows, Safari 3.1
> for Mac OS, Camino 1.5.1Int for Mac and Mozilla 2.0.0.12 for Mac) fail.
>
> Here's a full standalone example which reproduces this error on my servers:
>
> <!--- start of index.cfm --->
> <cfsilent>
> <cfprocessingdirective pageencoding="UTF-8">
> <cfscript>
> variables.strLogin='foo';
> variables.strPassword='fürth';
> variables.strRealm='Login für diese Seite';
> REQUEST.userAuthenticated = false;
> </cfscript>
> </cfsilent>
>
> <cflogin>
> <cfif isDefined('CFLOGIN')>
> <cfif CFLOGIN.name eq variables.strLogin and CFLOGIN.password
> eq variables.strPassword>
> <cfset REQUEST.userAuthenticated = true>
> </cfif>
> </cfif>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd";>
> <html>
> <head>
> <title>CF-Login-Test</title>
> <meta http-equiv="Content-Type" content="text/html;
> charset=utf-8">
> </head>
> <body>
> <cfif NOT REQUEST.userAuthenticated>
> <cfheader statuscode="401">
> <cfheader name="WWW-Authenticate" value="Basic
> realm=""#variables.strRealm#""">
> Login not successful.
> <cfelse>
> Login successful.
> </cfif>
> </body>
> </html>
> </cflogin>
> <!--- /end of index.cfm --->
>
> The page is saved in Unicode (UTF-8) with BOM im DreamWeaver. When I call
> this page, I cannot log in. When I change variables.strPassword to something
> that only contains ASCII chars (no Umlauts, special chars), I can login.
>
> We're running ColdFusion 8,0,1,195765 Enterprise 64-bit standalone server
> install, Webserver is Debian's Apache 2.2.3-4+etch6. When I cancel
> authorisation, I get the following response header with Firefox on Windows:
> ------------
> Date: Mon, 17 Nov 2008 12:43:38 GMT
> Server: Apache/2.2.3 (Debian) PHP/5.2.0-9~computec+2 proxy_html/2.5
> mod_ssl/2.2.3 OpenSSL/0.9.8c JRun/4.0
> Set-Cookie: CFAUTHORIZATION_=;expires=Sat, 17-Nov-2007 12:43:38 GMT;path=/
> WWW-Authenticate: Basic realm="Login für diese Seite"
> Content-Language: de-DE
> Cache-Control: max-age=0
> Expires: Mon, 17 Nov 2008 12:43:38 GMT
> Connection: close
> Transfer-Encoding: chunked
> Content-Type: text/html; charset=UTF-8
>
> 401 Unauthorized
> ------------
>
> If i use a plain ascii password and login successfully, I get the following
> response header:
> ------------
> Date: Mon, 17 Nov 2008 12:45:03 GMT
> Server: Apache/2.2.3 (Debian) PHP/5.2.0-9~computec+2 proxy_html/2.5
> mod_ssl/2.2.3 OpenSSL/0.9.8c JRun/4.0
> Set-Cookie: CFAUTHORIZATION_=;expires=Sat, 17-Nov-2007 12:45:03 GMT;path=/
> Content-Language: de-DE
> Cache-Control: max-age=0
> Expires: Mon, 17 Nov 2008 12:45:03 GMT
> Connection: close
> Transfer-Encoding: chunked
> Content-Type: text/html; charset=UTF-8
>
> 200 OK
> ------------
>
> Any ideas on this?
>
> Kind regards
>
> Markus
>
>
> Computec Media AG
> Sitz der Gesellschaft und Registergericht: Fürth (HRB 8818)
> Vorstandsmitglieder: Johannes S. Gözalan (Vorsitzender) und Rainer Rosenbusch
> Vorsitzender des Aufsichtsrates: Jürg Marquard
> Umsatzsteuer-Identifikationsnummer: DE 812 575 276
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315367
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
