Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Session Problem

Posted on 2004-10-16
9
Medium Priority
?
179 Views
Last Modified: 2013-12-24
I have a completely tested CF program that uses Sessions ans cflogin. I have tried to use it today, And I get an error message that warn about a security attack or a broken links, But I'm sure that there's no problem with the program.

detailed messages is :
CFID, CFTOKEN contains invalid characters.
This exception is caused by either broken links, or security attacks. The invalid id is 20173055#

Can someone help me ?

Regards,

Michael
0
Comment
Question by:Michael_O
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
9 Comments
 
LVL 15

Expert Comment

by:tim_cs
ID: 12327437
Don't know if this will help you out or not but check out the info from this link.

http://www.defusion.com/discussions/DisplayThread.cfm?ThreadID=1333
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12327912
The reason is because there are two copies of CFID and CFToken in the link. You can stop it by taking out URLToken out of the cflocations, as cflocation will put the URLToken in there.
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12329295
OR you can use the attribute: addtoken="No" in the cflocation tag and keep the URLToken variable in the location attribute.
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:Michael_O
ID: 12331580
I have do all of them before posting, but it's a sometimes problem. sometime I get it and sometime do not get it.

0
 
LVL 7

Expert Comment

by:black0ps
ID: 12333150
When you get it, it's because there are two copies of CFID and CFToken in your URL. I believe that it is a bug in 6.1. When you get it, your URL will look something like:

http://www.mysite.com/index.cfm?CFID=123456&CFToken=1234&CFID=123456&CFToken=1234

It can happen when you have the following in your code:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#">

You can fix it with either of the two:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#" addtoken="no">
<cflocation url="http://www.mysite.com/index.cfm">
0
 

Author Comment

by:Michael_O
ID: 12337432
I'm familiar with this bug and Sure that it's not the case! I didn't used any client variables and addtoken="no" was added to cflocation, but "sometimes" executing this code result in this error.
0
 
LVL 7

Accepted Solution

by:
black0ps earned 1500 total points
ID: 12338865
Without knowing when it's executed, it's going to be extremely difficult for you to fix. If you can recreate the error, you should be able to fix it.

What you might to consider to entering a cferror into your Application.cfm page to catch the error when it shows up. Here is the code in my error page. This code will display a quick error message to the person receiving the error, then send me an email with the cferror diagnostic information, any form fields submitted, the query string to display any url variables submitted and deserialize the session structure to display (via the view source) any session variables that exist or don't exist. With this code, you would be able to track down when this error is occurring and on what page:

<cfmodule template="../Application.cfm">

<!--- Run Switchboard --->
<cfset Request.Title = "Error Occurred">
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->

<!--- Include Primary Navigation Content --->
<cfinclude template="/inc/dsp_top.cfm">

<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
<!--- Include Body Content --->
<cfmail
to = '#Application.Vars.Webmaster#'
from = '#Application.Vars.Webmaster#'
subject = "Web Site Error"
type="HTML">
<html>
<head>
<!--- Include local intranet base so scripts and images show up --->
<base href="http://technology/">
</head>
<body>
<table width="500" border="0" cellspacing="1" cellpadding="2" bgcolor="000000">
  <cfif IsDefined("Error.Browser")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Browser:</b></td>
    <td>#Error.Browser#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.DateTime")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Time:</b></td>
    <td>#LCase(TimeFormat(Error.DateTime, "h:mm t"))# - #DateFormat(Error.DateTime,
      "m/d/yyyy")#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.HTTPReferer")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Referer:</b></td>
    <td>#Error.HTTPReferer#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.QueryString")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Query String:</b></td>
    <td>#Error.QueryString#</td>
  </tr>
      </cfif>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Server:</b></td>
    <td>#CGI.SERVER_NAME#</td>
  </tr>
  <cfif IsDefined("Error.Template")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Error File:</b></td>
    <td>#Error.Template#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.RemoteAddress")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>IP Address:</b></td>
    <td>#Error.RemoteAddress#</td>
  </tr>
      </cfif>
</table>
<cfif IsDefined("Error.Diagnostics")>
<p> <b>Diagnostic:</b><br>
  #Error.Diagnostics#</p>
</cfif>
<table width="500" border="0" cellspacing="1" cellpadding="0" bgcolor="000000">
  <tr valign="top" bgcolor="FFFFFF">
    <td width="250">
      <cfif IsDefined("Form.FieldNames")>
      <b>Form Fields</b><br>
      #LCase(Form.FieldNames)#
      <table width="250" border="0" cellspacing="0" cellpadding="2">
      <cfloop from="1" to="#ListLen(Form.FieldNames)#" index="i">
        <cfif ListGetAt(Form.FieldNames,i) Does Not Contain "." AND IsDefined(ListGetAt(Form.FieldNames,i))>
        <tr>
          <td align="right"><b>Form.#LCase(ListGetAt(Form.FieldNames,i))#:</b></td>
          <td>#Evaluate("Form." & ListGetAt(Form.FieldNames,i))#</td>
        </tr>
        </cfif>
      </cfloop>
      </table>
      <cfelse>&nbsp;
      </cfif>
    </td>
    <td width="250">
      <cfif IsDefined("Session")>
      <b>Session Variables</b><br>
      #LCase(StructKeyList(Session))#
        <table width="250" border="0" cellspacing="0" cellpadding="2">
      <tr>
     <form name="error" action="">
             <td align="right">
              <cfwddx action="CFML2WDDX" input="#Session#" output="serror">
             <textarea cols="60" rows="10">#serror#</textarea>                  
              </td>
                  </form>
        </tr>
      </table>
      <cfelse>&nbsp;
      </cfif>
      </td>
  </tr>
</table>
<b>Generated Content:</b>
</body>
</html>
<cfif IsDefined("Error.GeneratedContent")>#Error.GeneratedContent#</cfif></cfmail>
<cfoutput><div id="cbody">
We apologize for the inconvenience. It appears an error has occurred
within the web site.<br>
The system operator has been notified and the issue will be addressed shortly.<p>
<cfif IsDefined("Error.Diagnostics")><h4>Diagnostic:</h4>
<p>#Error.Diagnostics#</p></cfif>
</div>
</cfoutput>
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question