<form method="post" action="test.cfm?#session.urltoken#">
...
<input type="submit" value="Submit" >
</form>
Can you see what's wrong with the above code?
As per the Servlet spec of J2EE, when cookies are disabled, the session is maintained by URL rewriting, which is done by appending ';jsessionid=
In the above code, the form appends session.urltoken, which looks like 'CFID=1600&CFTOKEN=59663989&jsessionid=2830a9edcf6f794ff481'. The URL therefore becomes "test.cfm?CFID=1600&CFTOKEN=59663989&jsessionid=2830a9edcf6f794ff481", whereas it should have been "test.cfm;jsessionid=2830a9edcf6f794ff481?CFID=1600&CFTOKEN=59663989". Because the jsessionid is not specified in the form the server expects, the server does not pick it up and creates a new session.
So how do you handle it? One way is to get the session ID and urltoken from the session and build the URL in the expected form yourself, which takes some effort on the developer's part. Alternatively, you can use the simpler approach of calling URLSessionFormat(url), which does exactly what is required here. URLSessionFormat() appends the necessary information if cookies are disabled. If they are enabled, it does nothing. It might therefore be a better idea to always use this function for any GET or POST URL.
The above code should actually have been:
<cfset myurl=URLSessionFormat("test.cfm")>
<form method="post" action="#myurl#">
...
<input type="submit" value="Submit" >
</form>
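The manual alternative mentioned above, building the URL from the session values yourself, could look like the following. This is an added example, not code from the original post: buildSessionUrl and sampleToken are hypothetical names, the token layout is assumed to be the one quoted in the post, and unlike URLSessionFormat() it always appends the token, so it is meant only for the cookies-disabled case.

```cfml
<!--- Added example, not from the original post. buildSessionUrl is a
      hypothetical helper; the token layout is the one quoted in the post. --->
<cffunction name="buildSessionUrl" returntype="string" output="false">
    <cfargument name="target" type="string" required="true">
    <cfargument name="urlToken" type="string" required="true">
    <cfset var path = arguments.target>
    <cfset var query = "">
    <cfset var jsid = "">
    <cfset var pair = "">

    <!--- Split an existing query string off the target, if there is one. --->
    <cfif find("?", arguments.target)>
        <cfset path = listFirst(arguments.target, "?")>
        <cfset query = listRest(arguments.target, "?")>
    </cfif>

    <!--- Pull jsessionid out of the token; CFID and CFTOKEN stay query parameters. --->
    <cfloop list="#arguments.urlToken#" delimiters="&" index="pair">
        <cfif listFirst(pair, "=") EQ "jsessionid">
            <cfset jsid = listRest(pair, "=")>
        <cfelse>
            <cfset query = listAppend(query, pair, "&")>
        </cfif>
    </cfloop>

    <!--- The session id goes after the path and before the "?",
          which is the position the post says the server expects. --->
    <cfif len(jsid)>
        <cfset path = path & ";jsessionid=" & jsid>
    </cfif>
    <cfif len(query)>
        <cfreturn path & "?" & query>
    </cfif>
    <cfreturn path>
</cffunction>

<!--- Constructed sample: the token value shown in the post. In a real page
      this would be session.urltoken. --->
<cfset sampleToken = "CFID=1600&CFTOKEN=59663989&jsessionid=2830a9edcf6f794ff481">
<cfset myurl = buildSessionUrl("test.cfm", sampleToken)>
<cfoutput><form method="post" action="#myurl#"></form></cfoutput>
```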
13 comments:
Good to know about this technique - thanx! Might not want to assign to a variable called 'url' tho' since it is a scope...
Oh yes. thanks. edited.
hi rupesh...
this is exactly what I did in a project lately...
but I ran into a problem:
urlsessionformat() only rewrites the url if the client has cookies disabled... so most of the time your url would just look like "test.cfm"
This shouldn't be a problem, but I got informed that in some cases users got to see pages filled with other user's data.
Seems that these pages got cached by the company-proxy...
After appending the default #session.urltoken# everything worked just fine...
Did I miss to adjust something or what was it?!
greetings
Joerg Zimmer
Hi Joerg,
When cookies are enabled, session is tracked using cookies and urltoken will not be used by the server in that case.
It seems to me that it was a badly configured proxy. A proxy should never cache dynamic content and should only cache the static pages like html and images.
Was it a proxy in your company and faced by intranet users? or some external customers reported it to you?
Rupesh.
Hi Rupesh...
sorry for responding so late...
The site is faced to external users and the proxy is located somewhere on client-side...
I discovered something new...
We currently run a site in a subframe of our customer's website... Because our site runs under a different domain, IE security settings forbid cookies from our site.
So we have a similar scenario here... This site runs on our CFMX 7.0.2 Cluster with 2 Nodes and a load-balancer in front of the webservers...
While users were clicking around in our site, it seemed that with every click there was a new session generated for the user.
Even urlsessionformat did not resolve this...
Our Cluster ran with sticky sessions and session-replication turned off. I thought that the connector would handle the sticky-sessions and always use the same cfmx node for one session. But obviously it didn't - turning on session-replication solved this problem...
Are the connectors on the 2 webservers unable to interchange sticky-session data? maybe the load-balancer in front of the cluster should have user-persistent routing turned on...
Did I put this clear? Better an example :)
user requests page
load balancer routes him to server1
connector on server1 routes him to server1
session is created on server1
user requests next page
load balancer routes him to server2
connector on server2 routes him to server2
new session is created on server2 because sessionid is unknown
user requests next page
load balancer routes him to server1
connector on server1 routes him to server1
new session is created on server1 because sessionid is unknown again.
Hi Joerg,
What kind of load balancer are you using? Is it a hardware loadbalancer or software loadbalancer?
As I understand, you have a cluster of two cf nodes each of them behind a webserver using a connector. So actually you have two webservers with a load balancer in front. Is that correct?
If it is, then please check if the loadbalancer supports the sticky session concept. If it does then I think it might be a better idea to enable that.
Are both the connectors aware of both the cluster nodes? Let me check with JRun guys here if that would work or if there are any issues there. I know for sure that when connector is used as a load balancer then it does route the request properly maintaining session stickiness.
Rupesh
Hi again :)
You're right. 2 Webservers with Coldfusion behind a Software Loadbalancer (ldirectord). The load balancer is able to handle sticky sessions.. but it's not turned on at the moment...
Both connectors have the cluster connected.. not a node.. this should be ok.
Joerg
Nice one bro. Thanks for the heads up!
Nice to read all of ur discussion..
I am also facing one Jsessionid problem while IT security testing.
telnet our site then
pass the parameters like that
POST /sonystyle/searchsonystyle.do HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Host: www.sonystyle.com.sg
Cookie: JSESSIONID="
Content-Length: 10
query=sony
if JSESSIONID value is "
then I am getting error.
how to handle this JSESSIONID ?
I am also experiencing problems with session variables in a clustered environment.
With my test code, cookies on for the cluster URL - all fine. Disable cookies - session lost.
Go to either instance directly (via port) with cookies disabled it is fine, ie session stays.
CFMX 702 Ent
Win 2003
J2ee vars - sticky on