[cfaussie] RE: Big MX Problems

Thu, 13 May 2004 17:13:55 -0700

Yes, we've added that thanks.  Unfortunately, we will have an existing  user base that will have CFID/CFTOKEN's when we release CFMX due to us parcelling this information out in CF5. 

As I say, it does work for new users.  That is to say, if you have IE, clear all your cookies, and go to our site, everything will work as expected.  The problem is users that have a cookie (from when we were using CF5) and will go to our site, when CFMX is released.

Darren Tracey wrote:
To make sure that CF doesn't write CFID/CFTOKEN cookies, all you should have to do is add
 setclientcookies="No"
in your <CFAPPLICATION ...> tag.
Have you already tried this?
Did it work?
 
Regards
 
Darren Tracey
-----Original Message-----
From: Laszlo Simity [mailto:[EMAIL PROTECTED]]
Sent: Friday, 14 May 2004 9:41 AM
To: CFAussie Mailing List
Subject: [cfaussie] Big MX Problems

Hi,

We're just trying to migrate to MX from 5.  We're having some problems with session management.

Our site does not use cookies for session management - rather a unique identifier (not the CFID/CFTOKEN pair) is sent through the URL.  Now, in 5, Coldfusion would still set (probably our own fault here, but this is beside the point :)), a cookie with the CFID/CFTOKEN. 

What we would do is say:

Is there a URL identifier?
yes:
Do some work here to make sure CfApplication will know it's an existing session
no:
Set the cookies to blank
Call cfapplication - which will create a new CFID/CFTOKEN and session

This still works to an extent.  We no longer generate cookies, and therefore for new users with a fresh browser, this still works.  However, if you already have a CFID/CFTOKEN set in your browser from our site, MX creates a session in the "no" case above, to the values in your cookie.  What's worse is that if the cookie is blank, it creatse a session with a blank CFID/CFTOKEN pair.  What this means is that in testing, we had the entire company using one session (as we all had CFID/CFTOKEN cookies that were blank).  This seems like a pretty serious bug at least.

Obviously as some sort of "release task", we need to delete these cookies from peoples' browsers.  Or better yet, have ColdFusion ignore blank cookie values - or preferably cookies totally in the call to cfapplication.  I am unable to find any documentation that suggests anything like this is possible. 

Whilst I can test for the cookie key existence, then redirect to a page that deletes the cookies and meta refreshes back to the index.cfm, we have non-browser http clients that access our site via form submission, so this isn't necessarily an option.

Anyone have an ideas?

Thanks
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004

Reply via email to