Solved

Session Problem

Posted on 2004-10-16
9
166 Views
Last Modified: 2013-12-24
I have a completely tested CF program that uses Sessions ans cflogin. I have tried to use it today, And I get an error message that warn about a security attack or a broken links, But I'm sure that there's no problem with the program.

detailed messages is :
CFID, CFTOKEN contains invalid characters.
This exception is caused by either broken links, or security attacks. The invalid id is 20173055#

Can someone help me ?

Regards,

Michael
0
Comment
Question by:Michael_O
  • 4
  • 2
9 Comments
 
LVL 15

Expert Comment

by:tim_cs
ID: 12327437
Don't know if this will help you out or not but check out the info from this link.

http://www.defusion.com/discussions/DisplayThread.cfm?ThreadID=1333
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12327912
The reason is because there are two copies of CFID and CFToken in the link. You can stop it by taking out URLToken out of the cflocations, as cflocation will put the URLToken in there.
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12329295
OR you can use the attribute: addtoken="No" in the cflocation tag and keep the URLToken variable in the location attribute.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:Michael_O
ID: 12331580
I have do all of them before posting, but it's a sometimes problem. sometime I get it and sometime do not get it.

0
 
LVL 7

Expert Comment

by:black0ps
ID: 12333150
When you get it, it's because there are two copies of CFID and CFToken in your URL. I believe that it is a bug in 6.1. When you get it, your URL will look something like:

http://www.mysite.com/index.cfm?CFID=123456&CFToken=1234&CFID=123456&CFToken=1234

It can happen when you have the following in your code:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#">

You can fix it with either of the two:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#" addtoken="no">
<cflocation url="http://www.mysite.com/index.cfm">
0
 

Author Comment

by:Michael_O
ID: 12337432
I'm familiar with this bug and Sure that it's not the case! I didn't used any client variables and addtoken="no" was added to cflocation, but "sometimes" executing this code result in this error.
0
 
LVL 7

Accepted Solution

by:
black0ps earned 500 total points
ID: 12338865
Without knowing when it's executed, it's going to be extremely difficult for you to fix. If you can recreate the error, you should be able to fix it.

What you might to consider to entering a cferror into your Application.cfm page to catch the error when it shows up. Here is the code in my error page. This code will display a quick error message to the person receiving the error, then send me an email with the cferror diagnostic information, any form fields submitted, the query string to display any url variables submitted and deserialize the session structure to display (via the view source) any session variables that exist or don't exist. With this code, you would be able to track down when this error is occurring and on what page:

<cfmodule template="../Application.cfm">

<!--- Run Switchboard --->
<cfset Request.Title = "Error Occurred">
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->

<!--- Include Primary Navigation Content --->
<cfinclude template="/inc/dsp_top.cfm">

<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
<!--- Include Body Content --->
<cfmail
to = '#Application.Vars.Webmaster#'
from = '#Application.Vars.Webmaster#'
subject = "Web Site Error"
type="HTML">
<html>
<head>
<!--- Include local intranet base so scripts and images show up --->
<base href="http://technology/">
</head>
<body>
<table width="500" border="0" cellspacing="1" cellpadding="2" bgcolor="000000">
  <cfif IsDefined("Error.Browser")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Browser:</b></td>
    <td>#Error.Browser#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.DateTime")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Time:</b></td>
    <td>#LCase(TimeFormat(Error.DateTime, "h:mm t"))# - #DateFormat(Error.DateTime,
      "m/d/yyyy")#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.HTTPReferer")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Referer:</b></td>
    <td>#Error.HTTPReferer#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.QueryString")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Query String:</b></td>
    <td>#Error.QueryString#</td>
  </tr>
      </cfif>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Server:</b></td>
    <td>#CGI.SERVER_NAME#</td>
  </tr>
  <cfif IsDefined("Error.Template")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Error File:</b></td>
    <td>#Error.Template#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.RemoteAddress")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>IP Address:</b></td>
    <td>#Error.RemoteAddress#</td>
  </tr>
      </cfif>
</table>
<cfif IsDefined("Error.Diagnostics")>
<p> <b>Diagnostic:</b><br>
  #Error.Diagnostics#</p>
</cfif>
<table width="500" border="0" cellspacing="1" cellpadding="0" bgcolor="000000">
  <tr valign="top" bgcolor="FFFFFF">
    <td width="250">
      <cfif IsDefined("Form.FieldNames")>
      <b>Form Fields</b><br>
      #LCase(Form.FieldNames)#
      <table width="250" border="0" cellspacing="0" cellpadding="2">
      <cfloop from="1" to="#ListLen(Form.FieldNames)#" index="i">
        <cfif ListGetAt(Form.FieldNames,i) Does Not Contain "." AND IsDefined(ListGetAt(Form.FieldNames,i))>
        <tr>
          <td align="right"><b>Form.#LCase(ListGetAt(Form.FieldNames,i))#:</b></td>
          <td>#Evaluate("Form." & ListGetAt(Form.FieldNames,i))#</td>
        </tr>
        </cfif>
      </cfloop>
      </table>
      <cfelse>&nbsp;
      </cfif>
    </td>
    <td width="250">
      <cfif IsDefined("Session")>
      <b>Session Variables</b><br>
      #LCase(StructKeyList(Session))#
        <table width="250" border="0" cellspacing="0" cellpadding="2">
      <tr>
     <form name="error" action="">
             <td align="right">
              <cfwddx action="CFML2WDDX" input="#Session#" output="serror">
             <textarea cols="60" rows="10">#serror#</textarea>                  
              </td>
                  </form>
        </tr>
      </table>
      <cfelse>&nbsp;
      </cfif>
      </td>
  </tr>
</table>
<b>Generated Content:</b>
</body>
</html>
<cfif IsDefined("Error.GeneratedContent")>#Error.GeneratedContent#</cfif></cfmail>
<cfoutput><div id="cbody">
We apologize for the inconvenience. It appears an error has occurred
within the web site.<br>
The system operator has been notified and the issue will be addressed shortly.<p>
<cfif IsDefined("Error.Diagnostics")><h4>Diagnostic:</h4>
<p>#Error.Diagnostics#</p></cfif>
</div>
</cfoutput>
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now