a few but we have not had a session swapping incident since.
HTH,
Chris.
-Original Message-
From: Dimo Michailov [mailto:[EMAIL PROTECTED]]
Sent: 31 January 2002 21:43
To: CF-Talk
Subject: Re: Session Swapping incident
Chris:
I just stumbled upon your thread about identities sharing
had bad experiences with proxies/firewalls and session
variables swapping?
Thanks again
Chris.
-Original Message-
From: Chris Bohill
Sent: 28 January 2002 15:04
To: CF-Talk
Subject: Session Swapping incident
We are developing a web-based application, and have recently
Hi,
Yes we had all kinds of problems. Once we ditched client variables and
cookies, moved to using (locked) session variables only (URL token passing)
the problems went away. We were sure that some proxies were not permitting
the creation of unique sessions. Don't really know the reason why, but
?
Thanks again
Chris.
-Original Message-
From: Chris Bohill
Sent: 28 January 2002 15:04
To: CF-Talk
Subject: Session Swapping incident
We are developing a web-based application, and have recently been
experiencing a number of Session swapping incidents. On two occasions
a user has been
We are developing a web-based application, and have recently been
experiencing a number of session swapping incidents. On two occasions
a user has been navigating the system, only to swap sessions with
another user, who (we are not 100% sure) may also be viewing the site at
the same time.
Is the application running in a clustered environment?
Session variables aren't well suited for that.
EC
-Original Message-
From: Chris Bohill [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:04 AM
To: CF-Talk
Subject: Session Swapping incident
We are developing
No, the application is only stored on one server.
-Original Message-
From: Carlisle, Eric [mailto:[EMAIL PROTECTED]]
Sent: 28 January 2002 15:20
To: CF-Talk
Subject: RE: Session Swapping incident
Is the application running in a clustered environment?
Session variables aren't well
:[EMAIL PROTECTED]]
Sent: 28 January 2002 15:04
To: CF-Talk
Subject: Session Swapping incident
We are developing a web-based application, and have recently been
experiencing a number of session swapping incidents. On two occasions
a user has been navigating the system, only to swap sessions
?
If this happens to users on one particular network, but not other people, I
would wonder about proxies/firewalls at that site.
-Original Message-
From: Andy Ewings [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:26 AM
To: CF-Talk
Subject: RE: Session Swapping incident
At 03:04 PM 01/28/2002 +, you wrote:
We have locked all session variables and only refer to them as local
variables on pages that need them. See below:
<cflock timeout="10" type="READONLY" scope="SESSION">
<cfset Variables.VarOne = session.VarOne>
<cfset Variables.VarTwo = session.VarTwo>
</cflock>
I see
in the words of our immortal Jedi Master on another list..
Repeat after me - if I _type_ session, application, or server, I should
The obvious answer is Lock, although if it's something different I'm
lost. Was the following message hit by the line monster? The original
poster specified that he was locking, and based on his description he was
locking properly.
At 04:21 PM 01/28/2002 +, you wrote:
in the words of
Doh
Repeat after me - if I _type_ session, application, or server, I should
type lock.
You suggested that it may be overkill to lock - he's saying it should always
be the case...
N
something like this to ensure that the tracking info can't be messed with.
DRE
-Original Message-
From: Jeffry Houser [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 9:29 AM
To: CF-Talk
Subject: RE: Session Swapping incident
The obvious answer is Lock, although if it's something
I was either unclear or you misunderstood what I originally intended.
I meant that if there are only two session variables it may be overkill
to copy them into variables scope to avoid locking within the page.
At 04:31 PM 01/28/2002 +, you wrote:
Doh
Repeat after me - if I _type_
ahh! :-)