Improve company productivity with a Business Account.Sign Up

x
?
Solved

Session Problem

Posted on 2004-10-16
9
Medium Priority
?
181 Views
Last Modified: 2013-12-24
I have a completely tested CF program that uses Sessions ans cflogin. I have tried to use it today, And I get an error message that warn about a security attack or a broken links, But I'm sure that there's no problem with the program.

detailed messages is :
CFID, CFTOKEN contains invalid characters.
This exception is caused by either broken links, or security attacks. The invalid id is 20173055#

Can someone help me ?

Regards,

Michael
0
Comment
Question by:Michael_O
  • 4
  • 2
7 Comments
 
LVL 15

Expert Comment

by:tim_cs
ID: 12327437
Don't know if this will help you out or not but check out the info from this link.

http://www.defusion.com/discussions/DisplayThread.cfm?ThreadID=1333
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12327912
The reason is because there are two copies of CFID and CFToken in the link. You can stop it by taking out URLToken out of the cflocations, as cflocation will put the URLToken in there.
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12329295
OR you can use the attribute: addtoken="No" in the cflocation tag and keep the URLToken variable in the location attribute.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 

Author Comment

by:Michael_O
ID: 12331580
I have do all of them before posting, but it's a sometimes problem. sometime I get it and sometime do not get it.

0
 
LVL 7

Expert Comment

by:black0ps
ID: 12333150
When you get it, it's because there are two copies of CFID and CFToken in your URL. I believe that it is a bug in 6.1. When you get it, your URL will look something like:

http://www.mysite.com/index.cfm?CFID=123456&CFToken=1234&CFID=123456&CFToken=1234

It can happen when you have the following in your code:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#">

You can fix it with either of the two:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#" addtoken="no">
<cflocation url="http://www.mysite.com/index.cfm">
0
 

Author Comment

by:Michael_O
ID: 12337432
I'm familiar with this bug and Sure that it's not the case! I didn't used any client variables and addtoken="no" was added to cflocation, but "sometimes" executing this code result in this error.
0
 
LVL 7

Accepted Solution

by:
black0ps earned 1500 total points
ID: 12338865
Without knowing when it's executed, it's going to be extremely difficult for you to fix. If you can recreate the error, you should be able to fix it.

What you might to consider to entering a cferror into your Application.cfm page to catch the error when it shows up. Here is the code in my error page. This code will display a quick error message to the person receiving the error, then send me an email with the cferror diagnostic information, any form fields submitted, the query string to display any url variables submitted and deserialize the session structure to display (via the view source) any session variables that exist or don't exist. With this code, you would be able to track down when this error is occurring and on what page:

<cfmodule template="../Application.cfm">

<!--- Run Switchboard --->
<cfset Request.Title = "Error Occurred">
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->

<!--- Include Primary Navigation Content --->
<cfinclude template="/inc/dsp_top.cfm">

<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
<!--- Include Body Content --->
<cfmail
to = '#Application.Vars.Webmaster#'
from = '#Application.Vars.Webmaster#'
subject = "Web Site Error"
type="HTML">
<html>
<head>
<!--- Include local intranet base so scripts and images show up --->
<base href="http://technology/">
</head>
<body>
<table width="500" border="0" cellspacing="1" cellpadding="2" bgcolor="000000">
  <cfif IsDefined("Error.Browser")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Browser:</b></td>
    <td>#Error.Browser#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.DateTime")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Time:</b></td>
    <td>#LCase(TimeFormat(Error.DateTime, "h:mm t"))# - #DateFormat(Error.DateTime,
      "m/d/yyyy")#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.HTTPReferer")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Referer:</b></td>
    <td>#Error.HTTPReferer#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.QueryString")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Query String:</b></td>
    <td>#Error.QueryString#</td>
  </tr>
      </cfif>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Server:</b></td>
    <td>#CGI.SERVER_NAME#</td>
  </tr>
  <cfif IsDefined("Error.Template")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Error File:</b></td>
    <td>#Error.Template#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.RemoteAddress")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>IP Address:</b></td>
    <td>#Error.RemoteAddress#</td>
  </tr>
      </cfif>
</table>
<cfif IsDefined("Error.Diagnostics")>
<p> <b>Diagnostic:</b><br>
  #Error.Diagnostics#</p>
</cfif>
<table width="500" border="0" cellspacing="1" cellpadding="0" bgcolor="000000">
  <tr valign="top" bgcolor="FFFFFF">
    <td width="250">
      <cfif IsDefined("Form.FieldNames")>
      <b>Form Fields</b><br>
      #LCase(Form.FieldNames)#
      <table width="250" border="0" cellspacing="0" cellpadding="2">
      <cfloop from="1" to="#ListLen(Form.FieldNames)#" index="i">
        <cfif ListGetAt(Form.FieldNames,i) Does Not Contain "." AND IsDefined(ListGetAt(Form.FieldNames,i))>
        <tr>
          <td align="right"><b>Form.#LCase(ListGetAt(Form.FieldNames,i))#:</b></td>
          <td>#Evaluate("Form." & ListGetAt(Form.FieldNames,i))#</td>
        </tr>
        </cfif>
      </cfloop>
      </table>
      <cfelse>&nbsp;
      </cfif>
    </td>
    <td width="250">
      <cfif IsDefined("Session")>
      <b>Session Variables</b><br>
      #LCase(StructKeyList(Session))#
        <table width="250" border="0" cellspacing="0" cellpadding="2">
      <tr>
     <form name="error" action="">
             <td align="right">
              <cfwddx action="CFML2WDDX" input="#Session#" output="serror">
             <textarea cols="60" rows="10">#serror#</textarea>                  
              </td>
                  </form>
        </tr>
      </table>
      <cfelse>&nbsp;
      </cfif>
      </td>
  </tr>
</table>
<b>Generated Content:</b>
</body>
</html>
<cfif IsDefined("Error.GeneratedContent")>#Error.GeneratedContent#</cfif></cfmail>
<cfoutput><div id="cbody">
We apologize for the inconvenience. It appears an error has occurred
within the web site.<br>
The system operator has been notified and the issue will be addressed shortly.<p>
<cfif IsDefined("Error.Diagnostics")><h4>Diagnostic:</h4>
<p>#Error.Diagnostics#</p></cfif>
</div>
</cfoutput>
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Media Temple is thrilled to announce the launch of our new Partner Program, specifically designed to empower digital agencies and adtech platforms by offering white-glove support and exclusive hosting enhancements to optimize their sites and their c…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
In the video, one can understand the process of resizing images in single or bulk. Kernel Bulk Image Resizer is an easy to use tool for resizing large number of images. One can add and resize multiple images with this tool in single go. The video sh…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question