?
Solved

How do I stop losing my cookies and stay logged in?

Posted on 2003-03-20
77
Medium Priority
?
732 Views
Last Modified: 2013-12-24
Hi Guys!

I am running CF Server 5. After the rash of MS updates a few weeks ago, sometimes when I click on a form link, I lose my User_Info cookie that tells me if I'm logged in or not. This causes the Application.cfm to cf include the login page and abort.

To start off with, I have logged in and have my User_Info cookie. Next, I click on a link like this:

<form
     action="http://www.myproductionserver.net/the/path/to_my_script_is.cfm?CFID=39639&CFTOKEN=74431736&Tab=7&Type=Supervisor&E5180B05-1ED5-4B72-BFBE5AF173D2E69F"
     method="post"
     name="tab7Form"
     style="margin-bottom: 0px; margin-top: 0px;"
><a
     href="javascript:this.document.forms['tab7Form'].submit()"
     class="nameLinkSmall"
     onmouseout="window.status=' ';return(true);"
     onmouseover="window.status='http://www.myproductionserver.net/the/path/to_my_script_is.cfm?CFID=39639&CFTOKEN=74431736&Tab=7&Type=Supervisor&E5180B05-1ED5-4B72-BFBE5AF173D2E69F';return(true);"
>Supervisor</a></form>

and be forced to log in!!

Application.cfm looks like this:



<!--- Deserialize the contents of the cookie --->
<cftry>
     <cfif IsDefined('Cookie.User_Info')>
          <cfwddx
               action="WDDX2CFML"
               input="#Cookie.User_Info#"
               output="Access"
          >
          <cfelse>
          <cfif IsDefined('Client.User_Info')><cfwddx
               action="WDDX2CFML"
               input="#Client.User_Info#"
               output="Access"
          ></cfif>
     </cfif>
     <cfcatch><cfabort></cfcatch>
</cftry>

<!--- Create an arbitrary (but consistently used) scope for log ins --->
<cfapplication
     name="MyProductionServerzApplicationName"
     clientmanagement="Yes"
     sessionmanagement="Yes"
     sessiontimeout="#MySessionTimeOut#"
>

<cfif NOT (IsDefined('Access') OR ListFindNoCase(MyTrustedTemplateList, CGI.SCRIPT_NAME) OR IsAuthenticated('MyProductionServerzApplicationName'))>
     
     <!--- The user is NOT authenticated --->
     <cfscript>
          ShowLogin = "False";
     </cfscript>
     <cftry>
          <cfscript>
               if((NOT IsDefined('Form.User_Logon')) OR (NOT Len(Trim(Form.User_Logon)))) {
                    if(IsDefined('URL.User_Logon') AND Len(Trim(URL.User_Logon))) {
                         /* This sometimes blows up if the value to be decrypted is not valid */
                         Form.User_Logon = Decrypt(URL.User_Logon, 'MyUserLogonDecryptionKey');
                         }
                    }
               if((NOT IsDefined('Form.User_Password')) OR (NOT Len(Trim(Form.User_Password)))) {
                    if(IsDefined('URL.User_Password') AND Len(Trim(URL.User_Password))) {
                         /* This sometimes blows up if the value to be decrypted is not valid */
                         Form.User_Password = Decrypt(URL.User_Password, 'MyUserPasswordDecryptionKey');
                         }
                    }
          </cfscript>
          <cfcatch></cfcatch>
     </cftry>
     <cfif IsDefined('Form.User_Logon') and IsDefined('Form.User_Password')>
         
          <!--- The login form was submitted --->
          <cftry>
               <cfauthenticate
                    securitycontext="MyProductionServerzApplicationName"
                    username="#Form.User_Logon#"
                    password="#Form.User_Password#"
                    setcookie="YES"
               >
               <cfif NOT (IsDefined('Access') OR ListFindNoCase(TrustList, CGI.SCRIPT_NAME))>
                    <cfinclude template="/includes/check_userz_password.cfm">
                    <cfif PleaseTryAgain>
                         <cfoutput><table
                              height="100%"
                              width="100%"
                         ><tr><td
                              align="center"
                         >The login name and password you supplied were incorrect.</td></tr></table></cfoutput>
                         <cfabort>
                         <cfelse>
                         <cfinclude template="/path/log_user_into_central_station.cfm">
                    </cfif>
               </cfif>
               <cfcatch type="security">
                   
                    <!--- Security error in login occurred, show login again --->
                    <h3>Invalid Login</h3>
                    <cfset ShowLogin="Yes">
                   
               </cfcatch>
          </cftry>
          <cfelse>
         
          <!--- The login was NOT detected --->
          <cfset ShowLogin="Yes">
         
     </cfif>
     <cfif ShowLogin>
          <cfset EmailTitle="Forced Login From the Application Template">
          <cfinclude template="/includes/send_email_to_the_developer.cfm">
          <cfinclude template="/index.cfm">
          <cfabort>
     </cfif>
</cfif>


The email the developer gets when this forced login happens is in HTML form. It's just a series of cf dumps:

Forced Login From the Application Template

--------------------------------------------------------------------------------

TheLast5StaffWhoHaveLoggedInAtThisAddress
AGENCY_NAME LOGIN_TIME NAME_FIRST NAME_LAST PROGRAM_NAME USERS_ID
My Agency, Inc.  2003-03-20 08:48:26  Dave  Babbitt  My Program  443  
My Agency, Inc.  2003-03-20 08:47:27  Dave  Babbitt  My Program  443  
My Agency, Inc.  2003-03-20 08:46:26  Dave  Babbitt  My Program  443  
My Agency, Inc.  2003-03-20 08:45:27  Dave  Babbitt  My Program  443  
My Agency, Inc.  2003-03-20 08:44:42  Dave  Babbitt  My Program  443  

Application
APPLICATIONNAME MYPRODUCTIONSERVERZAPPLICATIONNAME  
DATEMASK m/d/yyyy  
DEFAULTFONT Trebuchet MS  
TIMEMASK h:mm tt  

CGI
AUTH_PASSWORD  
AUTH_TYPE  
AUTH_USER  
CERT_COOKIE  
CERT_FLAGS  
CERT_ISSUER  
CERT_KEYSIZE  
CERT_SECRETKEYSIZE  
CERT_SERIALNUMBER  
CERT_SERVER_ISSUER  
CERT_SERVER_SUBJECT  
CERT_SUBJECT  
CF_TEMPLATE_PATH X:\INETPUB\WWWROOT\whatever\the\path\to_my_script_is.cfm  
CONTENT_LENGTH 0  
CONTENT_TYPE application/x-www-form-urlencoded  
GATEWAY_INTERFACE CGI/1.1  
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*  
HTTPS off  
HTTPS_KEYSIZE  
HTTPS_SECRETKEYSIZE  
HTTPS_SERVER_ISSUER  
HTTPS_SERVER_SUBJECT  
PATH_INFO /the/path/to_my_script_is.cfm  
PATH_TRANSLATED X:\INETPUB\WWWROOT\whatever\the\path\to_my_script_is.cfm  
QUERY_STRING CFID=39639&CFTOKEN=74431736&Tab=8&Type=Mail&6870E1EB-219B-41BD-88A28FC5A7AFAC25  
[Edited by Cerebro]
REMOTE_ADDR 127.0.0.1  
REMOTE_HOST 127.0.0.1  
[Edited by Cerebro]
REMOTE_USER  
REQUEST_METHOD POST  
SCRIPT_NAME /the/path/to_my_script_is.cfm  
SERVER_NAME www.myproductionserver.net 
SERVER_PORT 80  
SERVER_PORT_SECURE 0  
SERVER_PROTOCOL HTTP/1.1  
SERVER_SOFTWARE Microsoft-IIS/5.0  
WEB_SERVER_API ISAPI  


Cookie
CFID 39639  
CFTOKEN 74431736  

Form

Request
CFADUMPINITED FALSE  

Session
CFID 39639  
CFTOKEN 74431736  
SESSIONID MYPRODUCTIONSERVERZAPPLICATIONNAME_39639_74431736  
URLTOKEN CFID=39639&CFTOKEN=74431736  

URL
CFID 39639  
CFTOKEN 74431736  
OVERRIDE_DEBUG_MODE DEBUG  
TAB 8  
TYPE Mail  

Client Variables
CFID 39639
CFToken 74431736
URLToken CFID=39639&CFTOKEN=74431736
HitCount 4
TimeCreated {ts '2003-03-20 08:50:51'}
LastVisit {ts '2003-03-20 08:51:05'}


How do I stop losing my cookies and stay logged in?
0
Comment
Question by:dbabbitt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 46
  • 26
  • 2
  • +3
77 Comments
 

Author Comment

by:dbabbitt
ID: 8173677
I was trying to add a client storage ODBC attribute to cfapplication. It doesn't like it on the Production Server, even if I have the ODBC log in via the SA password.
0
 

Author Comment

by:dbabbitt
ID: 8173871
If I hit Ctrl-F5 when I sent to the forced relogin page, it always corrects itself and gives me the intended page.
0
 
LVL 9

Expert Comment

by:HamdyHassan
ID: 8174010
Did you try "Registry" for your client storage

<cfapplication name="app_name"
               clientmanagement="Yes"
               sessionmanagement="Yes"
               setclientcookies="Yes"
               sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
               applicationtimeout="#CreateTimeSpan(2,0,0,0)#"
                   clientstorage="REGISTRY">
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:dbabbitt
ID: 8174045
It used to be on registry, but I'm tired of this problem, so I verified my ODBC connection to my Cold_Fusion_Client_Variables database and am now using that. It has no effect.
0
 

Author Comment

by:dbabbitt
ID: 8174581
It's wierd, if I pass just the user logon in a hidden variable, submitting the form no longer causes a forced re-login. It means there is probably a flaw in my form field inpection logic in Application.cfm
0
 

Author Comment

by:dbabbitt
ID: 8175090
I don't think it's a flaw in my form field inpection logic in Application.cfm. Try these instructions to prove it:
1) Log into
[Edited by Cerebro]
http://localhost/RentACoder/test_form_field_inpection_logic.cfm 
[Edited by Cerebro]
using RentACoder as the User ID and RentACoder as the Password.
2) Click the submit button without checking any boxes.
3) If it forces you to re-login, that's the problem I'm trying to solve. Just hit Ctrl-F5 to continue.
0
 

Author Comment

by:dbabbitt
ID: 8175188
For a different take on the problem, check out http://localhost/RentACoder/test_cgi_http_host.cfm with the same instructions as above.

[Edited by Cerebro]
0
 

Author Comment

by:dbabbitt
ID: 8175882
The environmental variables that show up different when I get a forced login:
1) CGI.HTTP_ACCEPT (didn't disappear but now it's image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*)
2) (disappeared)
3) (disappeared)
4) (disappeared)
5) (disappeared)
6) (disappeared)
7) (disappeared)
8) (disappeared)
9) (disappeared)
10) (disappeared)
11) (disappeared)

The environmental variables that re-appear when I hit Ctrl-F5:
1) CGI.HTTP_ACCEPT (now it's back to */*)
2) CGI.HTTP_ACCEPT_ENCODING
3) CGI.HTTP_ACCEPT_LANGUAGE
4) CGI.HTTP_CACHE_CONTROL
5) CGI.HTTP_CONNECTION
6) CGI.HTTP_CONTENT_LENGTH
7) CGI.HTTP_CONTENT_TYPE
8) CGI.HTTP_COOKIE
9) CGI.HTTP_HOST
10) CGI.HTTP_REFERER
11) CGI.HTTP_USER_AGENT

Does having the CGI.HTTP_ACCEPT change give anybody any clue as to what's going on? As you can see, losing CGI.HTTP_COOKIE is critical because that means losing my cookies.

I found that if I COMPLETELY changed over from HTTP_HOST to SERVER_NAME the problem DOESN'T go away. Check out http://www.experts-exchange.com/Web/WebDevSoftware/Q_20486370.html for further details.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8176527
when you use CGI.Server_Name does the value display differently or blank?

You shouldn't lose your cookie.. is the cookie set for your domain or a url?  turn on cookie prompting and see how the cookies are set.  Output the cookies on each page to make sure that cookies are sent back by the browser (it maybe a domain/path issue)

CJ
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8176561
add this to your cfapplication:
  SetDomainCookies="yes"

CJ
0
 

Author Comment

by:dbabbitt
ID: 8177168
Adding SetDomainCookies="yes" to my cfapplication has no effect, CGI.HTTP_ACCEPT_ENCODING, CGI.HTTP_ACCEPT_LANGUAGE, CGI.HTTP_CACHE_CONTROL, CGI.HTTP_CONNECTION, CGI.HTTP_CONTENT_LENGTH, CGI.HTTP_CONTENT_TYPE, CGI.HTTP_COOKIE, CGI.HTTP_HOST, CGI.HTTP_REFERER, and CGI.HTTP_USER_AGENT are still missing and I still get forced to log back on.

In other words, I'm not just losing my cookie. I'm losing the ability of my browser to send cookies, among other things.
0
 

Author Comment

by:dbabbitt
ID: 8177224
Sometimes the Client.User_Info is still set so just at the last minute I'm converting that into the Access structure. Wierd.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8177227
HTTP_* are browser provided values.. they are not gaurunteed to exist.

when you turn on cookie prompting you see the cookie get set right?  What is the domain of the cookie and its path?

if the browser is not sending cookies back to the server it maybe more of an environment issue with the browser rather than the server.

I have never had a problem using cookies in a cfapp.

SetDomainCookies should help b/c it will set the cfid, cftoken cookies at the domain level so a subdomain or path has no effect on them.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8177239
Sometimes the Client.User_Info is still set so just at the last minute I'm converting that into the Access structure. Wierd.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8177251
a few things I noticed:
why do you have clientmanagement turned on.. do you use something specific to require that?

Either your session data is not being set or your authentication is not working right.

try outputting everything that you check for (verify that the user is logged in with) onto the screen before you do the login check.  (once you login.. change the code and test it out)  See if something is missing.

CJ

0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8177256
Oops I now see that you are using Client.User_Info.  Any reason for using that instead of just Session.User_Info?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8177443
How do I turn on cookie prompting? I overrode automatic cookie handling in the advanced privacy settings, but didn't get any notification when I logged into my site. It should have prompted me at /login.cfm that I was getting a cookie, right?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8177693
That should work.  I use Mozilla for that kind of stuff b/c it lets me see the values of my cookies as I am progressing through the site.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8177709
You need to understand that this is happening to about a dozen different people. Their user agents look like this:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8177983
I would think that this is more of a browser setting than code issue.

do use the option of:

SetDomainCookies=Yes

The other issue could be that maybe those users are blocking your site from setting cookies?  What is the site URL and what is the domain that the cookies get set for?

Are you able to reproduce this or is it just specific to those users?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8178081
This is happening to myself and a few dozen other users. It started happening without any changes to the code.
0
 

Author Comment

by:dbabbitt
ID: 8178092
I can make it happen anytime I want by pushing an arbitrary submit button.
0
 
LVL 17

Expert Comment

by:anandkp
ID: 8178958
hi,

what is the "EXPIRES" property of CFCOOKIE set to ???
if u havent set ne-thing there - then its browser based & will get deleted once the browser window is closed
but if u ahve set the expires property to some timeperiod -then u will have it on the clients machine  till that period is elapsed.

also have client-storage mech for storing the cookied - dont use registry if u have many users on ur site - i had used it before & my registery was overloaded with 2Lacs of folder storing client info - which was a sheer waste of space & slowed down my server !

K'Rgds
Anand
0
 

Author Comment

by:dbabbitt
ID: 8179775
Why the fixation on the cookie? When I get a forced logon, there are no cookies to allow or block or check the Domain or Expires properties of because there is no CGI.HTTP_COOKIE to speak of. This is something bigger than the cookies, guys. I'm also losing my CGI.HTTP_ACCEPT_ENCODING, CGI.HTTP_ACCEPT_LANGUAGE, CGI.HTTP_CACHE_CONTROL, CGI.HTTP_CONNECTION, CGI.HTTP_CONTENT_LENGTH, CGI.HTTP_CONTENT_TYPE, CGI.HTTP_HOST, CGI.HTTP_REFERER, and CGI.HTTP_USER_AGENT.
0
 

Expert Comment

by:Anticlue
ID: 8180063
Can you post the code where you set the cookies?

Also, when you converted the client storage mechanism from registry to SQL or access.  Did you convert the data?  Did you clean out the registry afterwards?

0
 

Author Comment

by:dbabbitt
ID: 8180795
When I converted the client storage mechanism from registry to SQL, I did not convert the data. Afterwards, cleaning out the registry, HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\
CurrentVersion\Clients took almost a minute to expand in regedit. I deleted the whole key and restarted the main ColdFusion Services. I opened a new browser, logged into the site, clicked on a form link, and... no joy. It still gives me the re-login form. It also still misinterprets what kind of browser I am using (because of the missing CGI.HTTP_USER_AGENT). Holding down the Ctrl key and hitting F5 then clicking the Retry button works every time to get back what I had originally.
0
 

Author Comment

by:dbabbitt
ID: 8181250
At the bottom of the log user into central station template, it looks like this:

<!--- Serialize packet --->
<CFWDDX ACTION="CFML2WDDX" INPUT="#Access#" OUTPUT="myPacket">

<!--- Create cookie with contents of the packet, make sure it expires in a day. --->
<cfcookie name="User_Info" value="#myPacket#" expires="1">
0
 

Author Comment

by:dbabbitt
ID: 8181486
I'm now logging the user in like this:


<!--- Serialize packet --->
<CFWDDX ACTION="CFML2WDDX" INPUT="#Access#" OUTPUT="myPacket">

<!--- Create cookie with contents of the packet, make sure it expires in a day. --->
<cfcookie name="User_Info" value="#myPacket#" expires="1">

<cfscript>
     /* Create client variable with contents of the packet */
     Client.User_Info = myPacket;
     /* Create session variable with contents of the packet */
     StructInsert(Session, 'User_Info', myPacket, true);
</cfscript>


Before I push the submit button:
1) All the various CGI.HTTP_* variables mentioned above exist.
2) Cookie.CFID = 21, Cookie.CFMAGIC = 21:73159472, Cookie.CFTOKEN = 73159472, and Cookie.USER_INFO exists.
3) Session.CFID = 21, Session.CFTOKEN 73159472, and Session.USER_INFO exists.
4) Client.CFID = 21, Client.CFToken = 73159472, and Client.USER_INFO exists.

After I push the submit button:
1) All the various CGI.HTTP_* variables mentioned above (accept for CGI.HTTP_ACCEPT) no longer exist.
2) Cookie.CFID = 24, Cookie.CFMAGIC = 24:85905525, Cookie.CFTOKEN = 85905525, and Cookie.USER_INFO no longer exists.
3) Session.CFID = 24, Session.CFTOKEN 85905525, and Session.USER_INFO no longer exists.
4) Client.CFID = 24, Client.CFToken = 85905525, and Client.USER_INFO no longer exists.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8181775
it sweems as though your cfid and cftoken values are changing so you  lose your session and client data (b/c the combination of the two identify the user)

when those change, the cf application thinks its a different/new user.

in:
!--- Create an arbitrary (but consistently used) scope for log ins --->
<cfapplication
    name="MyProductionServerzApplicationName"
    clientmanagement="Yes"
    sessionmanagement="Yes"
    sessiontimeout="#MySessionTimeOut#"
>

What is the value of MySessionTimeOut?

Try this as an alternative CFAPPLICATION:

<cfapplication
    name="MyProductionServerzApplicationName"
    clientmanagement="Yes"
    sessionmanagement="Yes"
    sessiontimeout="#MySessionTimeOut#"
    SETCLIENTCOOKIES="NO">
                 
<!--- CF will not set the client cookies automatically, so
    set them manually as per-session cookies --->
      <CFLOCK SCOPE="SESSION" TYPE="READONLY" TIMEOUT="5">
         <CFCOOKIE NAME="CFID" VALUE="#SESSION.CFID#">
         <CFCOOKIE NAME="CFTOKEN" VALUE="#SESSION.CFTOKEN#">
      </CFLOCK>

For Client Management:

<!--- With Client Management Enabled --->

!--- CF will not set the client cookies automatically,
   so set them manually as per-session cookies --->
<CFCOOKIE NAME="CFID" VALUE="#CLIENT.CFID#">
<CFCOOKIE NAME="CFTOKEN" VALUE="#CLIENT.CFTOKEN#">

Now since you have client and session management enabled.  You will have to make sure that cfid and cftoken for both client and session scope are the same.  Try outputting them.

A good read:
http://www.macromedia.com/support/coldfusion/ts/documents/tn17915.htm

CJ
0
 

Author Comment

by:dbabbitt
ID: 8181792
I'm now logging the user in like this:


<!--- Serialize packet --->
<CFWDDX ACTION="CFML2WDDX" INPUT="#Access#" OUTPUT="myPacket">

<!--- Create cookie with contents of the packet, make sure it expires in a day. --->
<cfcookie name="User_Info" value="#myPacket#" expires="1">

<cfscript>
     /* Create client variable with contents of the packet */
     Client.User_Info = myPacket;
     /* Create session variable with contents of the packet */
     StructInsert(Session, 'User_Info', myPacket, true);
</cfscript>


Before I push the submit button:
1) All the various CGI.HTTP_* variables mentioned above exist.
2) Cookie.CFID = 21, Cookie.CFMAGIC = 21:73159472, Cookie.CFTOKEN = 73159472, and Cookie.USER_INFO exists.
3) Session.CFID = 21, Session.CFTOKEN 73159472, and Session.USER_INFO exists.
4) Client.CFID = 21, Client.CFToken = 73159472, and Client.USER_INFO exists.

After I push the submit button:
1) All the various CGI.HTTP_* variables mentioned above (accept for CGI.HTTP_ACCEPT) no longer exist.
2) Cookie.CFID = 24, Cookie.CFMAGIC = 24:85905525, Cookie.CFTOKEN = 85905525, and Cookie.USER_INFO no longer exists.
3) Session.CFID = 24, Session.CFTOKEN 85905525, and Session.USER_INFO no longer exists.
4) Client.CFID = 24, Client.CFToken = 85905525, and Client.USER_INFO no longer exists.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8181793
0
 

Author Comment

by:dbabbitt
ID: 8182352
The value of MySessionTimeOut is:

<!--- Use a variable for session time out so it can be used as the query cached period --->
<cfset MySessionTimeOut="#CreateTimeSpan(0, 1, 0, 0)#">
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8182379
try some of the above.. let us know the results.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8182399
In Application.cfm I changed this:


<!--- Create an arbitrary (but consistently used) scope for log ins --->
<cfapplication
     name="MyProductionServerzApplicationName"
     clientmanagement="Yes"
     sessionmanagement="Yes"
     sessiontimeout="#MySessionTimeOut#"
     setdomaincookies="Yes"
>

<!--- Re-write the session cookies so they will only be memory cookies. --->
<cfcookie name="CFID" value="#Cookie.CFID#">
<cfcookie name="CFTOKEN" value="#Cookie.CFTOKEN#">


to this:


<!--- Create an arbitrary (but consistently used) scope for log ins --->
<cfapplication
     name="MyProductionServerzApplicationName"
     clientmanagement="Yes"
     sessionmanagement="Yes"
     sessiontimeout="#MySessionTimeOut#"
     setclientcookies="No"
>
   
<!--- CF will not set the client cookies automatically, so set them manually as per-session cookies --->
<cflock timeout="5" throwontimeout="No" type="READONLY" scope="SESSION">
     <cfcookie name="CFID" value="#Session.CFID#">
     <cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
</cflock>
0
 

Author Comment

by:dbabbitt
ID: 8182437
The CFID is still changing after I made the above changes to Application.cfm. Before hitting the submit button:

CFID 25  
CFToken 33044530

After hitting the submit button:

CFID 26  
CFToken 39078247  
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8182734
This is very odd.

Can you outline your path/process and entail what happens vs what is supposed to happen.

Thanx,
CJ
0
 

Author Comment

by:dbabbitt
ID: 8182764
But why would any cfcookie action work if I'm losing CGI.HTTP_COOKIE on the way back? I think version 6.0.2800.1106 of Internet Explorer is the problem. I don't lose my CFID cookies when I use Mozilla 1.3 (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312), and, excepting the workarounds for the lack of response to cflocation, I don't lose Session.User_Info and Client_Info either. Strangely, I was never able to set Cookie.User_Info.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8182856
HTTP_COOKIE
Name-value pair stored earlier at the client by the server

Means if the Server hasn't set any cookies yet it will be blank.

I think it maybe an issue with the domain/path.

try this:

<!--- Create an arbitrary (but consistently used) scope for log ins --->
<cfapplication
    name="MyProductionServerzApplicationName"
    clientmanagement="Yes"
    sessionmanagement="Yes"
    sessiontimeout="#MySessionTimeOut#"
    setclientcookies="No"
>
   
<!--- CF will not set the client cookies automatically, so set them manually as per-session cookies --->
<cflock timeout="5" throwontimeout="No" type="READONLY" scope="SESSION">
    <cfcookie name="CFID" value="#Session.CFID#" domain="yourproductionserver.net" path="/">
    <cfcookie name="CFTOKEN" value="#Session.CFTOKEN#"domain="yourproductionserver.net" path="/">
</cflock>

CJ
0
 

Author Comment

by:dbabbitt
ID: 8183033
1) I go to the home page.
    a) IIS passes the default document and the browser's CGI variables to the CF Server.
    b) The CF Server runs Application.cfm first and does little because the default document is on the approved list.
    c) The default document and its login form (cfincluded) are run.
2) I fill in my user id and password and click the submit button.
    a) IIS passes the login template and the browser's CGI variables to the CF Server.
    b) The CF Server runs Application.cfm first and does little because the login template is on the approved list.
    c) The login template is run.
          i) The user info cookie is set.
          ii) The browser is cflocated to the central station template.
    d) IIS passes the central station template and the browser's CGI variables to the CF Server.
    e) The CF Server runs Application.cfm first and does little because the user info cookie is set.
    f) The central station template is run and a clock in form is built for me to click on.
3) I click the submit button in the clock in form.
    a) IIS passes the clockin template and SHOULD HAVE PASSED the browser's CGI variables to the CF Server, but doesn't for some reason.
    b) The CF Server runs Application.cfm first and discovers that the browser's CGI variables are missing.
          i) The login form is cfincluded.
          ii) The Application.cfm template is aborted.
0
 

Author Comment

by:dbabbitt
ID: 8183279
This is what the IIS log looks like when I perform the above steps:

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-03-21 19:44:21
#Fields: time cs-method cs-uri-stem cs-uri-query cs(Cookie) cs(Referer)
19:44:21 GET /index.cfm - CFMAGIC=25%3A33044530;+USER_INFO=...this-is-a-really-big-cookie-dudes...;+CFID=39;+CFTOKEN=99788566 -
19:44:28 POST /logon.cfm - CFMAGIC=25%3A33044530;+USER_INFO=...this-is-a-really-big-cookie-dudes...;+CFID=39;+CFTOKEN=99788566 http://davezcompaq/
19:44:28 GET /central_station.cfm C2CD1387-F54E-4C17-BDC4186F20C6C5AB CFMAGIC=25%3A33044530;+USER_INFO=...this-is-a-really-big-cookie-dudes...;+CFID=39;+CFTOKEN=99788566 -
19:44:49 POST /_PM/time/time_clock_out_confirm.cfm - CFMAGIC=25%3A33044530;+USER_INFO=...this-is-a-really-big-cookie-dudes...;+CFID=39;+CFTOKEN=99788566 http://davezcompaq/central_station.cfm?C2CD1387-F54E-4C17-BDC4186F20C6C5AB

This suggests to me that since IIS is logging the user info cookie it is probably passing that cookie onto the CF server. I don't understand why the cf magic cookie does not mesh with the cf id and cf token cookies, though.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8183387
cfid and cftoken didn't seem to change.

cfmagic is a tricky thing.. here is some explanation about it:
http://docs.jcu.edu.au/cold_fusion/cfdocs/Allaire_Support/new.htm#setdomaincookies

CJ
0
 

Author Comment

by:dbabbitt
ID: 8183785
Since I started posting comments, someone at www.asobens.com.mx is trying to run my cmd.exe via my production server. I guess I'm leaving too much info in these comments. Erk. :-(
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8183814
>someone at www.asobens.com.mx is trying to run my cmd.exe

someone is trying to hack your server from what you have posted here?  Wow, that sux.  I will get an Admin involved to see if they can find out what/who is trying.

I would take some security measures of disable cfexecute and any remote invocation cf code.

make sure you are not evaluating or executing anything passed via url params.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8184290
In Application.cfm I changed this:


<!--- CF will not set the client cookies automatically, so set them manually as per-session cookies --->
<cflock timeout="5" throwontimeout="No" type="READONLY" scope="SESSION">
     <cfcookie name="CFID" value="#Session.CFID#">
     <cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
</cflock>


to this:


<!--- CF will not set the client cookies automatically, so set them manually as per-session cookies --->
<cflock timeout="5" throwontimeout="No" type="READONLY" scope="SESSION">
     <cfcookie name="CFID" value="#Session.CFID#" domain=".#CGI.SERVER_NAME#" path="/">
     <cfcookie name="CFTOKEN" value="#Session.CFTOKEN#" domain=".#CGI.SERVER_NAME#" path="/">
</cflock>

and in some cases I was not forced to re-logon! I will peruse the literature made available to me and get back to you. :-)

Thanx
0
 

Author Comment

by:dbabbitt
ID: 8184892
Somebody from d-11-127.dhcp-156-56.indiana.edu is trying every combination of \
[Edited by Cerebro]
http://127.0.0.1/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+C:\ http://127.0.0.1/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+D:\ http://127.0.0.1/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+E:\ etc.
[Edited by Cerebro]
Does anyone know what this is? It looks like the UNICODE exploit for IIS 5.0/4.0 circa May 14, 2001. Probably that Mexican guy that works for Asociacion de Distribuidores Mercedes Benz, A.C. is doing it. LOL! Who knows. :-)
0
 
LVL 1

Expert Comment

by:Cerebro
ID: 8187173
dbabbit: As per your request I have edited and removed references to an IP address or server name that may reveal to  malicious users your production server's address.

If I have missed a comment/line please let me know and I will  fix that.

If I can be of any other assistance please let me know.

Cerebro
Community Moderator
Experts Exchange
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188259
Any updates dbabbit?

I am curious that the change fixed in some cases but not all.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8189446
Yes, the complicated javascript-activated form I was using for testing works now, everything else still causes a forced relogin page to come up. Nothing about this form has been changed. I'm planning on slowly removing header and form information and retesting each time to see it I can pinpoint some combination that makes this not work.
0
 

Author Comment

by:dbabbitt
ID: 8189696
If I View Source, copy the html to a file called bad.htm, view that in the browser, then click on the offending submits, the page behaves as it should. It's possibly something in the header, for instance something that can be changed with cfheader. I'm going to methodically remove CFML from the templates until I can cause the page to stop misbehaving.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8190178
are the cfid and cftoken still changing?

are you using cflocation anywhere?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8191063
Well, given that .htm files don't have cfids and cftokens, I copied the HTML to another file, called bad.cfm.

Before I push the submit button:
1) All the various CGI.HTTP_* variables mentioned above (except CGI.HTTP_REFERER) exist.
2) Cookie.CFID = 125, Cookie.CFMAGIC = 25:33044530, Cookie.CFTOKEN = 56316595, and Cookie.USER_INFO exists.
3) Session.CFID = 125, Session.CFTOKEN 56316595, and Session.USER_INFO does not exist.
4) Client.CFID = 125, Client.CFToken = 56316595, and Client.USER_INFO does not exist.

After I push the submit button:
1) All the various CGI.HTTP_* variables mentioned above exist.
2) Cookie.CFID = 127, Cookie.CFMAGIC = 25:33044530, Cookie.CFTOKEN = 75829985, and Cookie.USER_INFO still exists.
3) Session.CFID = 127, Session.CFTOKEN 75829985, and Session.USER_INFO still does not exist.
4) Client.CFID = 127, Client.CFToken = 75829985, and Client.USER_INFO still does not exist.
0
 

Author Comment

by:dbabbitt
ID: 8191366
I insert a self-calling control panel whose form action is itself. When the control panel detects that its referrer was itself, is does some database action then this:

     
     <!--- Go back to where you came from --->
     <CFLOCATION ADDTOKEN="No" URL="#CGI.HTTP_REFERER#">
0
 

Author Comment

by:dbabbitt
ID: 8192241
I've got the templates pared down to just the javascript-enable form and the normal form - no <head></head>, etc.

Before I click the javascript-enabled form link or the submit button:
Cookie.CFID 191
Cookie.CFMAGIC 25:33044530
Cookie.CFTOKEN 83813765
Cookie.USER_INFO (defined)
Session.CFID 191
Session.CFTOKEN 83813765
Session.USER_INFO (not defined)
Client.CFID 191
Client.CFToken 83813765
Client.USER_INFO (not defined)
CGI.HTTP_ACCEPT_ENCODING gzip, deflate
CGI.HTTP_ACCEPT_LANGUAGE en-us
CGI.HTTP_CACHE_CONTROL no-cache
CGI.HTTP_CONNECTION Keep-Alive
CGI.HTTP_CONTENT_LENGTH 0
CGI.HTTP_CONTENT_TYPE (blank)
CGI.HTTP_COOKIE (defined)
CGI.HTTP_HOST davezcompaq
CGI.HTTP_REFERER (defined)
CGI.HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; iOpus-I-M)

After I click the javascript-enabled form link:
Cookie.CFID 191
Cookie.CFMAGIC (not defined)
Cookie.CFTOKEN 83813765
Cookie.USER_INFO (not defined)
Session.CFID 191
Session.CFTOKEN 83813765
Session.USER_INFO (not defined)
Client.CFID 191
Client.CFToken 83813765
Client.USER_INFO (not defined)
CGI.HTTP_ACCEPT_ENCODING (blank)
CGI.HTTP_ACCEPT_LANGUAGE (blank)
CGI.HTTP_CACHE_CONTROL (blank)
CGI.HTTP_CONNECTION (blank)
CGI.HTTP_CONTENT_LENGTH 0
CGI.HTTP_CONTENT_TYPE application/x-www-form-urlencoded
CGI.HTTP_COOKIE (blank)
CGI.HTTP_HOST (blank)
CGI.HTTP_REFERER (blank)
CGI.HTTP_USER_AGENT (blank)

After I click the submit button:
Cookie.CFID 192
Cookie.CFMAGIC (not defined)
Cookie.CFTOKEN 70077366
Cookie.USER_INFO (not defined)
Session.CFID 192
Session.CFTOKEN 70077366
Session.USER_INFO (not defined)
Client.CFID 192
Client.CFToken 70077366
Client.USER_INFO (not defined)
CGI.HTTP_ACCEPT_ENCODING (blank)
CGI.HTTP_ACCEPT_LANGUAGE (blank)
CGI.HTTP_CACHE_CONTROL (blank)
CGI.HTTP_CONNECTION (blank)
CGI.HTTP_CONTENT_LENGTH 0
CGI.HTTP_CONTENT_TYPE application/x-www-form-urlencoded
CGI.HTTP_COOKIE (blank)
CGI.HTTP_HOST (blank)
CGI.HTTP_REFERER (blank)
CGI.HTTP_USER_AGENT (blank)
0
 

Author Comment

by:dbabbitt
ID: 8192322
This is what Mozilla 1.3 (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312) looks like. Remember, I've got the templates pared down to just the javascript-enable form and the normal form - no <head></head>, etc.

Before I click the javascript-enabled form link or the submit button:
Cookie.CFID        195
Cookie.CFMAGIC      (not defined)
Cookie.CFTOKEN      30653229
Cookie.USER_INFO      (defined)
Session.CFID      195
Session.CFTOKEN      30653229
Session.USER_INFO      (not defined)
Client.CFID      195
Client.CFToken      30653229
Client.USER_INFO      (not defined)
CGI.HTTP_ACCEPT_ENCODING      gzip,deflate,compress;q=0.9
CGI.HTTP_ACCEPT_LANGUAGE      en-us,en;q=0.5
CGI.HTTP_CACHE_CONTROL      (blank)
CGI.HTTP_CONNECTION      keep-alive
CGI.HTTP_CONTENT_LENGTH      0
CGI.HTTP_CONTENT_TYPE      (blank)
CGI.HTTP_COOKIE (defined)
CGI.HTTP_HOST      davezcompaq
CGI.HTTP_REFERER      (blank)
CGI.HTTP_USER_AGENT      Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312

Clicking the javascript-enabled form link works!! Here is the data:
Cookie.CFID        195
Cookie.CFMAGIC      (not defined)
Cookie.CFTOKEN      30653229
Cookie.USER_INFO      (defined)
Session.CFID      195
Session.CFTOKEN      30653229
Session.USER_INFO      (not defined)
Client.CFID      195
Client.CFToken      30653229
Client.USER_INFO      (not defined)
CGI.HTTP_ACCEPT_ENCODING      gzip,deflate,compress;q=0.9
CGI.HTTP_ACCEPT_LANGUAGE      en-us,en;q=0.5
CGI.HTTP_CACHE_CONTROL      (blank)
CGI.HTTP_CONNECTION      keep-alive
CGI.HTTP_CONTENT_LENGTH      0
CGI.HTTP_CONTENT_TYPE      application/x-www-form-urlencoded
CGI.HTTP_COOKIE (defined)
CGI.HTTP_HOST      davezcompaq
CGI.HTTP_REFERER      (defined)
CGI.HTTP_USER_AGENT      Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312

After I (push the Back button and) click the submit button, it works again!!! Here is the data:
Cookie.CFID        196
Cookie.CFMAGIC      (not defined)
Cookie.CFTOKEN      33679268
Cookie.USER_INFO      (defined)
Session.CFID      196
Session.CFTOKEN      33679268
Session.USER_INFO      (not defined)
Client.CFID      196
Client.CFToken      33679268
Client.USER_INFO      (not defined)
CGI.HTTP_ACCEPT_ENCODING      gzip,deflate,compress;q=0.9
CGI.HTTP_ACCEPT_LANGUAGE      en-us,en;q=0.5
CGI.HTTP_CACHE_CONTROL      (blank)
CGI.HTTP_CONNECTION      keep-alive
CGI.HTTP_CONTENT_LENGTH      0
CGI.HTTP_CONTENT_TYPE      application/x-www-form-urlencoded
CGI.HTTP_COOKIE      (defined)
CGI.HTTP_HOST      davezcompaq
CGI.HTTP_REFERER      (defined)
CGI.HTTP_USER_AGENT      Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312


I don't know what to make of the fact that it works where MSIE doesn't, or the fact that the CFID has changed on the submit button but not on the javascript-enabled form link.
0
 

Author Comment

by:dbabbitt
ID: 8192348
The reason that the CFID does not increase when I click the javascript-enabled form link is because I am passing Session.URLToken in the URL. When I strip that out the CFID, it behaves just like the submit button.
0
 

Author Comment

by:dbabbitt
ID: 8192460
Here is the pared-down CFML:

<cfoutput><html><body>
     <cfscript>
          FormAction = "http://" & CGI.SERVER_NAME & CGI.SCRIPT_NAME;
          FormAction = FormAction & "?" & Session.URLToken;
          FormName="javascriptEnabledForm";
     </cfscript>
     <form
          action="#FormAction#"
          method="post"
          name="#FormName#"
     ><a
          href="javascript:this.document.forms['#FormName#'].submit()"
     >javascript-enabled form link</a></form>
     <form
          action="#FormAction#"
          method="post"
     ><input
          type="submit"
          value="Submit Button"
     ></form>
</body></html></cfoutput>

I can paste this or the HTML it displays into a different template and that template runs fine. I'm going to start work on paring down the Application.cfm.
0
 

Author Comment

by:dbabbitt
ID: 8194415
I really don't know how to pare down the Application.cfm: I mean, if I remove the logic that inserts the login form, of course it doesn't force a login! :-) Below are the boolean expressions within Application.cfm that determine the need to force a login.


MSIE and Mozilla before:
IsDefined('Access') Yes
ListFindNoCase(TrustList, CGI.SCRIPT_NAME) No
IsAuthenticated('MyProductionServerzApplicationName') No

MSIE after (either form):
IsDefined('Access') No
ListFindNoCase(TrustList, CGI.SCRIPT_NAME) No
IsAuthenticated('MyProductionServerzApplicationName') No

Mozilla after (either form):
IsDefined('Access') Yes
ListFindNoCase(TrustList, CGI.SCRIPT_NAME) No
IsAuthenticated('MyProductionServerzApplicationName') No


Notice how my application name is never authenticated? If this is the wrong way to go about it, what system should I use then?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8205512
why don't you just remove the isAuthenticated part.

if the session var exists.. and that session var is created my your login app.. then they must be authenticated right?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8205850
I think the key is the relocation javascript in the logon page:

<cfoutput><script
     type="text/jscript"
>
     window.location.href = 'http:/' + '/#CGI.SERVER_NAME##CentralStationRedirect#?#Session.URLToken#&#CreateUUID()#';
</script></cfoutput>

Is window.location.href no longer supported like it used to be? I have to actually go through the logon page and let it redirect me to another page in order to get the symptoms to appear; if I paste what seems like the offending code into another template and just show that template, I don't have the problem. If I use Mozilla, I end up having to skip over to the template in a similar manner. (This is because the window.location.href thing doesn't actually relocate you in Mozilla.)
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8205876
why are you using javascript redirect rather than cflocation?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8205946
I had problems with it in the past. What does cflocation do these days?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8205966
<clocation url="whatever" addtoken="yes">

will redirect and add your cfid, cftoken to the url.

as long as you are not setting any cookies, cflocation is a good choice.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8206001
Well, I AM setting cookies. The User_Info cookie. Got any other ideas?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8206025
a meta refresh?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8206124
How about this:

<cfheader
     statuscode="302"
     statustext="Object Temporarily Moved"
>
<cfheader
     name="location"
     value="http://#CGI.SERVER_NAME##CentralStationRedirect#?#Session.URLToken#&#CreateUUID()#"
>
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8206196
add that inside a cfif right?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8206452
Right. A complex set of cfcases and cfifs. It doesn't seem to help, though. At least the forms without Session.URLToken in the URL still don't work.
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 1200 total points
ID: 8211584
man, this is quite the puzzler

Have you been able to pinpoint the problem to set of pages/forms or is it still a general problem across the board?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8211916
I'm changing all <cflocation to <cf_location and all AddToken="No" to AddToken="Yes" and checking location.href on a case by case basis. I also probably need to go through each of the 580 or so forms in the app and add Session.URLToken to the URL. <cf_location was written by Christopher Bradford and just puts those two <cfheaders in place.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8212367
ah ok.. keep us posted.

CJ
0
 

Author Comment

by:dbabbitt
ID: 8245640
Others have confirmed that IE 6.1 sp1 is not respecting the area of memory that Macromedia uses to store its cookie data. Adding the session info to the URL, etc. helps a little.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8245727
A C? I would have rather you asked to PAQ this question than award it to me with a C. :-(

CJ
0
 

Author Comment

by:dbabbitt
ID: 8246277
OOPS! That was a mistake! How do I fix that?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8246314
I can get a moderator to fix that.

What do you want to change it to?

CJ
0
 

Author Comment

by:dbabbitt
ID: 8246338
A
0
 
LVL 1

Expert Comment

by:Cerebro
ID: 8246545
Grade changed as per requested.

Cerebro
EE Mod
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8246547
Thanx Cerebro and thank you dbabbit.

CJ
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question