Two or three weeks ago, I posted a call for help on the CFCDev mailing list regarding this strange problem I was having regarding sessions. I forget exactly how I described the issue, and I'm too lazy to look it up, so I'll just describe it again (and I'm sure now that I've solved it, this description will be much better than the first one):
Basically, when I posted a form in Adobe ColdFusion 6.1 whose action performed a
appended to the URL, and when links also appended that variable, all the sudden my session would become invalidated. I checked every reference to
and couldn't find anywhere it would be happening in my code. I couldn't even tell exactly when
it was happening even though I put markers in every place I could think of. But finally today I happened to look up at the URL and notice that
were there multiple times. Clearly that was the problem. After that, I was pretty sure the where the problem lied, so I went straight to it and fixed it.
This was never a problem in CF7, that I have been able to reproduce.
If you'd like to reproduce it in CF6.1, here is some simple code to do so:
<cfapplication name="test_session_funkiness" sessionmanagement="true">
<cfparam name="session.id" default="0">
<cfif session.id is 0>
The session.id was 0.
<cfoutput><a href="middle.cfm?#cgi.query_string#">go to the middle</a></cfoutput>
we are at the end.
<cfoutput><a href="start.cfm?#cgi.query_string#">do it one more time</a></cfoutput>
If you set those files up and navigate to start.cfm, you'll see that "the session.id was 0." is output in places you wouldn't expect.
I understand the cause, but I would have expected CF to behave as it does in 7, since (I'm guessing that) appending
to your URL would be fairly common practice. And, as a side note, I'm fairly sure I've run into this before - only I had just forgotten (it seeeeemed familiar). That's why I wrote it down this time (and to help anyone who may also have had the problem).
Hey! Why don't you make your life easier and subscribe to the full post
or short blurb RSS feed? I'm so confident you'll love my smelly pasta plate
wisdom that I'm offering a no-strings-attached, lifetime money back guarantee!
Leave a comment
the problem is that with <cflocation> the addtoken attribute HAD the default value of "yes". So unless you specified addtoken="no", CF would always append the session identifier to the URL.
I guess that was changed with CF MX 7, although it is not listed as changed in the CF Livedocs. Apparently MM changed quite a bit about this tag without telling anybody. ;-)
Posted by Christoph Schmitz
on Mar 14, 2007 at 02:55 AM UTC - 5 hrs
Leave a comment
Haha thanks for pointing that out Chris! I had completely forgot about the addtoken attribute.
/me slaps his forehead
Posted by Sam
on Mar 14, 2007 at 07:39 AM UTC - 5 hrs