RE: Session Swapping incident - proxy servers

2002-02-01 Thread Chris Bohill
a few but we have not had a session swapping incident since. HTH, Chris. -Original Message- From: Dimo Michailov [mailto:[EMAIL PROTECTED]] Sent: 31 January 2002 21:43 To: CF-Talk Subject: Re: Session Swapping incident Chris: I just stumbled upon your thread about identities sharing

Re: Session Swapping incident

2002-01-31 Thread Dimo Michailov
had bad experiences with proxies/firewalls and session variables swapping? Thanks again Chris. -Original Message- From: Chris Bohill Sent: 28 January 2002 15:04 To: CF-Talk Subject: Session Swapping incident We are developing a web-based application, and have recently

RE: Session Swapping incident

2002-01-31 Thread Andy Parry
Hi, Yes we had all kinds of problems. Once we ditched client variables and cookies, moved to using (locked) session variables only (URL token passing) the problems went away. We were sure that some proxies were not permitting the creation of unique sessions. Don't really know the reason why, but

RE: Session Swapping incident

2002-01-29 Thread Chris Bohill
? Thanks again Chris. -Original Message- From: Chris Bohill Sent: 28 January 2002 15:04 To: CF-Talk Subject: Session Swapping incident We are developing a web-based application, and have recently been experiencing a number of Session swapping incidents. On two occasions a user has been

Session Swapping incident

2002-01-28 Thread Chris Bohill
We are developing a web-based application, and have recently been experiencing a number of session swapping incidents. On two occasions a user has been navigating the system, only to swap sessions with another user, who (we are not 100% sure) may also be viewing the site at the same time.

RE: Session Swapping incident

2002-01-28 Thread Carlisle, Eric
Is the application running in a clustered environment? Session variables aren't well suited for that. EC -Original Message- From: Chris Bohill [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:04 AM To: CF-Talk Subject: Session Swapping incident We are developing

RE: Session Swapping incident

2002-01-28 Thread Chris Bohill
No, the application is only stored on one server. -Original Message- From: Carlisle, Eric [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 15:20 To: CF-Talk Subject: RE: Session Swapping incident Is the application running in a clustered environment? Session variables aren't well

RE: Session Swapping incident

2002-01-28 Thread Andy Ewings
:[EMAIL PROTECTED]] Sent: 28 January 2002 15:04 To: CF-Talk Subject: Session Swapping incident We are developing a web-based application, and have recently been experiencing a number of Session swapping incidents. On two occasions a user has been navigating the system, only to Swap sessions

RE: Session Swapping incident

2002-01-28 Thread Herbener, Martin - School Information Technology
? If this happens to users on one particular network, but not other people, I would wonder about proxies/firewalls at that site. -Original Message- From: Andy Ewings [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:26 AM To: CF-Talk Subject: RE: Session Swapping incident

Re: Session Swapping incident

2002-01-28 Thread Jeffry Houser
At 03:04 PM 01/28/2002 +, you wrote: We have locked all session variables and only refer to them as local variables on pages that need them. see below: <cflock timeout="10" type="READONLY" scope="SESSION"> <cfset Variables.VarOne = session.VarOne> <cfset Variables.VarTwo = session.VarTwo> </cflock> I see

RE: Session Swapping incident

2002-01-28 Thread Neil Clark
in the words of our immortal Jedi Master on another list.. Repeat after me - if I _type_ session, application, or server, I should

RE: Session Swapping incident

2002-01-28 Thread Jeffry Houser
The obvious answer is Lock, although if it's something different I'm lost. Was the following message hit by the line monster? The original poster specified that he was locking, and based on his description he was locking properly. At 04:21 PM 01/28/2002 +, you wrote: in the words of

RE: Session Swapping incident

2002-01-28 Thread Neil Clark
Doh Repeat after me - if I _type_ session, application, or server, I should type lock. You suggested that it may be overkill to lock - he's saying it should always be the case... N

RE: Session Swapping incident

2002-01-28 Thread Andre Turrettini
something like this to ensure that the tracking info can't be messed with. DRE -Original Message- From: Jeffry Houser [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:29 AM To: CF-Talk Subject: RE: Session Swapping incident The obvious answer is Lock, although if it's something

RE: Session Swapping incident

2002-01-28 Thread Jeffry Houser
I was either unclear or you misunderstood what I originally intended. I meant that if there are only two session variables it may be overkill to copy them into variables scope to avoid locking within the page. At 04:31 PM 01/28/2002 +, you wrote: Doh Repeat after me - if I _type_

RE: Session Swapping incident

2002-01-28 Thread Neil Clark
ahh! :-)