Re: CF 9 Standard Load Bal Sticky Sessions
I am trying to setup a failover environment for my web application. We are using CF9 standard and LVS (Linux Virtual Server) as the load balancer (LB). My web application uses session variables to remember form values posted in a process (eg would work like a session web shopping cart). The issue is the session values are lost when the LB processes the request as it flips between the different servers between each request. Is it possible to setup sticky sessions so that the session variables are retained across the web session? I'm concerned the only way to do this is to update the application to client variables and store in the database etc. Any thoughts or recommendations appreciated. Yes, you can use sticky sessions with CF Standard. Of course, if one server fails, the sessions on that server will be lost. If you need session failover with CF Standard, you'll have to use client variables in a database or some analogous thing you build yourself. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsit ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342824 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: CF 9 Standard Load Bal Sticky Sessions
FYI - the work to make your sessions sticky will be on your Linux box, not on CF. -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Tuesday, March 08, 2011 8:05 AM To: cf-talk Subject: Re: CF 9 Standard Load Bal Sticky Sessions I am trying to setup a failover environment for my web application. We are using CF9 standard and LVS (Linux Virtual Server) as the load balancer (LB). My web application uses session variables to remember form values posted in a process (eg would work like a session web shopping cart). The issue is the session values are lost when the LB processes the request as it flips between the different servers between each request. Is it possible to setup sticky sessions so that the session variables are retained across the web session? I'm concerned the only way to do this is to update the application to client variables and store in the database etc. Any thoughts or recommendations appreciated. Yes, you can use sticky sessions with CF Standard. Of course, if one server fails, the sessions on that server will be lost. If you need session failover with CF Standard, you'll have to use client variables in a database or some analogous thing you build yourself. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsit ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342825 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: File Upload uploading open file
Hi Don, The mime type of the file is determined by the browser (client side), and then sent in the HTTP request to upload the file. ColdFusion uses the same mime type sent by the browser in cffile. So it sounds like the accept attribute of cffile is causing this exception to be thrown. Try adding this mime type to the cffile accept attribute list, and then make sure you are validating the file extension of the uploaded file to be doc or docx. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Mon, Mar 7, 2011 at 11:50 AM, Don danfar...@hotmail.com wrote: Hi Folks =) Trying to upload a file ( word doc ) that is concurrently OPEN in the OS. Upon upload attempt via cffile coldfusion is seemingly returning a mime type error: The MIME type of the uploaded file application/octet-stream was not accepted by the server. is there a way to prevent (open) files from being uploaded? how would I ignore/bypass this error so as to actually upload the original file? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342826 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Losing Sessions
I'm having a really frustrating issue with an application and cannot figure out where the problem is. The client is getting randomly logged out of the system, basically the session is getting reset. So far, not all that unusual, I've certainly seen this kind of issue before. But the weird thing is, the CFID and CFTOKEN never change! When I track them, they stay the same from request to request, but all the session variables get reset anyway. I tried removing any code that would remotely have any possibility to do this (no logout function, etc.), but no luck, nor have I been able to definitely nail down the circumstances in which it occurs. It doesn't happen on all their computers (1 in 13 they say show the problem), and typically only happens on IE (definitely IE8, we haven't really tested anything else). They said they see it on FF too sometimes, but I've not been able to verify that, both Chrome and FF on the 2 effected users I worked with worked fine. I've not been able to replicate it myself, even using the same version of IE, many other users don't see it, and it just stumps me how the session is getting reset when the session token doesn't change, and when any code that would do so has been stripped out. Any ideas?? --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342827 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Riaforge down?
I'm back, but also on vacation. I'm officially back in the office Wednesday. If you still have issues, let me know. On Mon, Mar 7, 2011 at 12:04 AM, Maureen mamamaur...@gmail.com wrote: I think Ray is Scotland at the conference. On Sun, Mar 6, 2011 at 4:35 PM, Bobby Hartsfield bo...@acoderslife.com wrote: I've been having trouble with riaforge for the past couple of days. It has been intermittent until now. I could just refresh and the page would load... but now I can't get anything on it to load. I sent an email to Ray a day or two ago but never heard back and now it is just worse. Anyone else getting seeing this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342828 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
Mary Jo, Check the CF Administrator under memory variables and see what the MAX timeout is for Application Session. Also, check the value on your CFAPPLICATION tag. Make sure you didn't change the session timeout there to something smaller than what you wanted. Drew Nathanson Technical Synergy, Inc. I'm having a really frustrating issue with an application and cannot figure out where the problem is. The client is getting randomly logged out of the system, basically the session is getting reset. So far, not all that unusual, I've certainly seen this kind of issue before. But the weird thing is, the CFID and CFTOKEN never change! When I track them, they stay the same from request to request, but all the session variables get reset anyway. I tried removing any code that would remotely have any possibility to do this (no logout function, etc.), but no luck, nor have I been able to definitely nail down the circumstances in which it occurs. It doesn't happen on all their computers (1 in 13 they say show the problem), and typically only happens on IE (definitely IE8, we haven't really tested anything else). They said they see it on FF too sometimes, but I've not been able to verify that, both Chrome and FF on the 2 effected users I worked with worked fine. I've not been able to replicate it myself, even using the same version of IE, many other users don't see it, and it just stumps me how the session is getting reset when the session token doesn't change, and when any code that would do so has been stripped out. Any ideas?? --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342829 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Losing Sessions
If that checks out, I'd try to track their session through the web logs. We recently had the same issue with randomly expiring sessions. It turned out that the client had a proxy that was changing their IP every minute or so; that, combined with or custom anti-session hijacking checks, was the cause of the lost sessions. In our case, it was a proxy that all of the client's users went through but who knows... maybe you have one or two using their own proxies. Just a thought. .:.:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com http://cf4em.com -Original Message- From: Drew Nathanson [mailto:d...@technicalsynergy.com] Sent: Tuesday, March 08, 2011 7:01 PM To: cf-talk Subject: Re: Losing Sessions Mary Jo, Check the CF Administrator under memory variables and see what the MAX timeout is for Application Session. Also, check the value on your CFAPPLICATION tag. Make sure you didn't change the session timeout there to something smaller than what you wanted. Drew Nathanson Technical Synergy, Inc. I'm having a really frustrating issue with an application and cannot figure out where the problem is. The client is getting randomly logged out of the system, basically the session is getting reset. So far, not all that unusual, I've certainly seen this kind of issue before. But the weird thing is, the CFID and CFTOKEN never change! When I track them, they stay the same from request to request, but all the session variables get reset anyway. I tried removing any code that would remotely have any possibility to do this (no logout function, etc.), but no luck, nor have I been able to definitely nail down the circumstances in which it occurs. It doesn't happen on all their computers (1 in 13 they say show the problem), and typically only happens on IE (definitely IE8, we haven't really tested anything else). They said they see it on FF too sometimes, but I've not been able to verify that, both Chrome and FF on the 2 effected users I worked with worked fine. I've not been able to replicate it myself, even using the same version of IE, many other users don't see it, and it just stumps me how the session is getting reset when the session token doesn't change, and when any code that would do so has been stripped out. Any ideas?? --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342830 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Riaforge down?
Thanks Ray. It has been fine sine I sent the email to the list. I have another question in the riaforge contact queue (trying to ask it was what led me to report the site error). I'm sure you'll get to it sooner or later. And no, the question is not How do you manage to go to Scotland... come back then go on vacation?!?! ;-) .:.:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com http://cf4em.com -Original Message- From: Raymond Camden [mailto:rcam...@gmail.com] Sent: Tuesday, March 08, 2011 6:50 PM To: cf-talk Subject: Re: Riaforge down? I'm back, but also on vacation. I'm officially back in the office Wednesday. If you still have issues, let me know. On Mon, Mar 7, 2011 at 12:04 AM, Maureen mamamaur...@gmail.com wrote: I think Ray is Scotland at the conference. On Sun, Mar 6, 2011 at 4:35 PM, Bobby Hartsfield bo...@acoderslife.com wrote: I've been having trouble with riaforge for the past couple of days. It has been intermittent until now. I could just refresh and the page would load... but now I can't get anything on it to load. I sent an email to Ray a day or two ago but never heard back and now it is just worse. Anyone else getting seeing this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342831 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
Check the CF Administrator under memory variables and see what the MAX timeout is for Application Session. Also, check the value on your CFAPPLICATION tag. Make sure you didn't change the session timeout there to something smaller than what you wanted. No, those are all fine. And if those were set incorrectly, it would certainly effect a much wider set of users than what we are seeing. It's a very small percentage that are seeing this. And it doesn't seem to be a particular amount of time that they lose their session, I would sometimes be able to reload a page several times before it'd drop me, and sometimes it'd happen immediately. On the effected computers though, it pretty much happens by the time you've clicked through 3 or 4 pages. Sometimes it would happen pretty much every time immediately. It's the failure of the CFID/CFTOKEN to change that's particularly confusing to me, since any other time when I've seen these kinds of issues and the session is being lost, they'll change on every request. Although I realized today I was only looking at a dump of the session vars, not the actual cookies, so maybe for some reason the session is getting dropped and then reinitialized with the same cookies?? Grasping at straws here... --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342832 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
If that checks out, I'd try to track their session through the web logs. We recently had the same issue with randomly expiring sessions. It turned out that the client had a proxy that was changing their IP every minute or so; that, combined with or custom anti-session hijacking checks, was the cause of the lost sessions. I did ask them if they were behind a proxy or firewall or something similar, as something like this did occur to me as a possible cause but the information I have to go on is that they have users in multiple locations seeing it, and at least in one case they have many other computers in the same office that don't show the problem and only a couple that do. We're not using any IP checks for hijacking, other methods are in place for that (which I did remove temporarily just to make sure it didn't have anything to do with it...it didn't). It's really, really baffling. Oh, FYI, the server is running CF 9.01 --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342833 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
On 9/03/2011 14:21, Mary Jo Sminkey wrote: It's the failure of the CFID/CFTOKEN to change that's particularly confusing to me, since any other time when I've seen these kinds of issues and the session is being lost, they'll change on every request. Although I realized today I was only looking at a dump of the session vars, not the actual cookies, so maybe for some reason the session is getting dropped and then reinitialized with the same cookies?? Grasping at straws here... How about dropping a cflog tag with some useful info into OnSessionStart to see if the sessions is actually restarting or not? -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342834 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
How about dropping a cflog tag with some useful info into OnSessionStart to see if the sessions is actually restarting or not? Hhm, currently it uses application.cfm so that isn't available, I'd have to look at how easy it would be to switch it if this really becomes necessary to debug it. I'm also going to see if I can get access to an earlier server version to see if it's specific to CF9. But I did some diagnostics when I was testing that certainly seemed to indicate that the session was being lost when you clicked through to the next page. If I commented out the code that initialized the user ID in the session, when I clicked through to the next page, it would throw an error that it didn't exist when it hit a place in the page that used it. Since nowhere in the code do I ever *remove* that variable, that's a pretty good indication that the session is not persisting. --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342835 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions [spamtrap bayes][spamtrap heur]
shot in the dark, but just had issues w/some IE7 browsers (not FF, chrome, etc.) losing sessions after applying latest hotfix which seems related to this: * A JVM property was added in case you want to completely switch off the fix for the Session Fixation issue ( Bug 86378) which prior to this security release changed Session behavior in some environments. Add the following JVM property âDcoldfusion.session.protectfixation=false in the JVM Arguments for the Coldfusion Server. http://kb2.adobe.com/cps/890/cpsid_89094.html ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342836 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
Separate domains? www.domain.com vs domain.com ? I've been caught by that before, and as far as cookies go, they see them as totally separate. Mark Sent from my mobile device. On 09/03/2011 2:55 PM, Mary Jo Sminkey mary...@cfwebstore.com wrote: How about dropping a cflog tag with some useful info into OnSessionStart to see if the sessions is actually restarting or not? Hhm, currently it uses application.cfm so that isn't available, I'd have to look at how easy it would be to switch it if this really becomes necessary to debug it. I'm also going to see if I can get access to an earlier server version to see if it's specific to CF9. But I did some diagnostics when I was testing that certainly seemed to indicate that the session was being lost when you clicked through to the next page. If I commented out the code that initialized the user ID in the session, when I clicked through to the next page, it would throw an error that it didn't exist when it hit a place in the page that used it. Since nowhere in the code do I ever *remove* that variable, that's a pretty good indication that the session is not persisting. --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342837 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
Separate domains? www.domain.com vs domain.com ? I've been caught by that before, and as far as cookies go, they see them as totally separate. No, no changes in the domain. Also not using SSL. I can reload the same page and get the session to drop (just takes a few tries sometimes). MJS ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342838 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions
shot in the dark, but just had issues w/some IE7 browsers (not FF, chrome, etc.) losing sessions after applying latest hotfix which seems related to this: * A JVM property was added in case you want to completely switch off the fix for the Session Fixation issue ( Bug 86378) which prior to this security release changed Session behavior in some environments. Add the following JVM property âDcoldfusion.session.protectfixation=false in the JVM Arguments for the Coldfusion Server. http://kb2.adobe.com/cps/890/cpsid_89094.html Well this definitely seems to be more in the ballpark! I'm not entirely sure I understand this note though, why would you want to switch off the fix? Is the fix itself the cause of the session loses? --- Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342839 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Losing Sessions [spamtrap bayes][spamtrap heur]
On 3/9/2011 12:51 PM, Mary Jo Sminkey wrote: Well this definitely seems to be more in the ballpark! I'm not entirely sure I understand this note though, why would you want to switch off the fix? Is the fix itself the cause of the session loses? in our case it was. client had a console page with secure/un-secure bits mixed together it was throwing off users w/IE7 after the hotfix was applied. while they work out what is actually wrong, adding that JVM argument fixed that issue. maybe peter or jason will chime in explain all this voodoo ;-) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342840 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm