Solved

Session Problem

Posted on 2004-10-16
9
173 Views
Last Modified: 2013-12-24
I have a completely tested CF program that uses Sessions ans cflogin. I have tried to use it today, And I get an error message that warn about a security attack or a broken links, But I'm sure that there's no problem with the program.

detailed messages is :
CFID, CFTOKEN contains invalid characters.
This exception is caused by either broken links, or security attacks. The invalid id is 20173055#

Can someone help me ?

Regards,

Michael
0
Comment
Question by:Michael_O
  • 4
  • 2
9 Comments
 
LVL 15

Expert Comment

by:tim_cs
ID: 12327437
Don't know if this will help you out or not but check out the info from this link.

http://www.defusion.com/discussions/DisplayThread.cfm?ThreadID=1333
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12327912
The reason is because there are two copies of CFID and CFToken in the link. You can stop it by taking out URLToken out of the cflocations, as cflocation will put the URLToken in there.
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12329295
OR you can use the attribute: addtoken="No" in the cflocation tag and keep the URLToken variable in the location attribute.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:Michael_O
ID: 12331580
I have do all of them before posting, but it's a sometimes problem. sometime I get it and sometime do not get it.

0
 
LVL 7

Expert Comment

by:black0ps
ID: 12333150
When you get it, it's because there are two copies of CFID and CFToken in your URL. I believe that it is a bug in 6.1. When you get it, your URL will look something like:

http://www.mysite.com/index.cfm?CFID=123456&CFToken=1234&CFID=123456&CFToken=1234

It can happen when you have the following in your code:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#">

You can fix it with either of the two:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#" addtoken="no">
<cflocation url="http://www.mysite.com/index.cfm">
0
 

Author Comment

by:Michael_O
ID: 12337432
I'm familiar with this bug and Sure that it's not the case! I didn't used any client variables and addtoken="no" was added to cflocation, but "sometimes" executing this code result in this error.
0
 
LVL 7

Accepted Solution

by:
black0ps earned 500 total points
ID: 12338865
Without knowing when it's executed, it's going to be extremely difficult for you to fix. If you can recreate the error, you should be able to fix it.

What you might to consider to entering a cferror into your Application.cfm page to catch the error when it shows up. Here is the code in my error page. This code will display a quick error message to the person receiving the error, then send me an email with the cferror diagnostic information, any form fields submitted, the query string to display any url variables submitted and deserialize the session structure to display (via the view source) any session variables that exist or don't exist. With this code, you would be able to track down when this error is occurring and on what page:

<cfmodule template="../Application.cfm">

<!--- Run Switchboard --->
<cfset Request.Title = "Error Occurred">
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->

<!--- Include Primary Navigation Content --->
<cfinclude template="/inc/dsp_top.cfm">

<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
<!--- Include Body Content --->
<cfmail
to = '#Application.Vars.Webmaster#'
from = '#Application.Vars.Webmaster#'
subject = "Web Site Error"
type="HTML">
<html>
<head>
<!--- Include local intranet base so scripts and images show up --->
<base href="http://technology/">
</head>
<body>
<table width="500" border="0" cellspacing="1" cellpadding="2" bgcolor="000000">
  <cfif IsDefined("Error.Browser")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Browser:</b></td>
    <td>#Error.Browser#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.DateTime")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Time:</b></td>
    <td>#LCase(TimeFormat(Error.DateTime, "h:mm t"))# - #DateFormat(Error.DateTime,
      "m/d/yyyy")#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.HTTPReferer")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Referer:</b></td>
    <td>#Error.HTTPReferer#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.QueryString")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Query String:</b></td>
    <td>#Error.QueryString#</td>
  </tr>
      </cfif>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Server:</b></td>
    <td>#CGI.SERVER_NAME#</td>
  </tr>
  <cfif IsDefined("Error.Template")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Error File:</b></td>
    <td>#Error.Template#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.RemoteAddress")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>IP Address:</b></td>
    <td>#Error.RemoteAddress#</td>
  </tr>
      </cfif>
</table>
<cfif IsDefined("Error.Diagnostics")>
<p> <b>Diagnostic:</b><br>
  #Error.Diagnostics#</p>
</cfif>
<table width="500" border="0" cellspacing="1" cellpadding="0" bgcolor="000000">
  <tr valign="top" bgcolor="FFFFFF">
    <td width="250">
      <cfif IsDefined("Form.FieldNames")>
      <b>Form Fields</b><br>
      #LCase(Form.FieldNames)#
      <table width="250" border="0" cellspacing="0" cellpadding="2">
      <cfloop from="1" to="#ListLen(Form.FieldNames)#" index="i">
        <cfif ListGetAt(Form.FieldNames,i) Does Not Contain "." AND IsDefined(ListGetAt(Form.FieldNames,i))>
        <tr>
          <td align="right"><b>Form.#LCase(ListGetAt(Form.FieldNames,i))#:</b></td>
          <td>#Evaluate("Form." & ListGetAt(Form.FieldNames,i))#</td>
        </tr>
        </cfif>
      </cfloop>
      </table>
      <cfelse>&nbsp;
      </cfif>
    </td>
    <td width="250">
      <cfif IsDefined("Session")>
      <b>Session Variables</b><br>
      #LCase(StructKeyList(Session))#
        <table width="250" border="0" cellspacing="0" cellpadding="2">
      <tr>
     <form name="error" action="">
             <td align="right">
              <cfwddx action="CFML2WDDX" input="#Session#" output="serror">
             <textarea cols="60" rows="10">#serror#</textarea>                  
              </td>
                  </form>
        </tr>
      </table>
      <cfelse>&nbsp;
      </cfif>
      </td>
  </tr>
</table>
<b>Generated Content:</b>
</body>
</html>
<cfif IsDefined("Error.GeneratedContent")>#Error.GeneratedContent#</cfif></cfmail>
<cfoutput><div id="cbody">
We apologize for the inconvenience. It appears an error has occurred
within the web site.<br>
The system operator has been notified and the issue will be addressed shortly.<p>
<cfif IsDefined("Error.Diagnostics")><h4>Diagnostic:</h4>
<p>#Error.Diagnostics#</p></cfif>
</div>
</cfoutput>
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
website does not load without www 12 74
Internal DNS Zone Issue 13 80
.dwt files not viewable in browser - why? 2 103
Two wordpress questions 3 62
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question