Solved

Session Problem

Posted on 2004-10-16
9
170 Views
Last Modified: 2013-12-24
I have a completely tested CF program that uses Sessions ans cflogin. I have tried to use it today, And I get an error message that warn about a security attack or a broken links, But I'm sure that there's no problem with the program.

detailed messages is :
CFID, CFTOKEN contains invalid characters.
This exception is caused by either broken links, or security attacks. The invalid id is 20173055#

Can someone help me ?

Regards,

Michael
0
Comment
Question by:Michael_O
  • 4
  • 2
9 Comments
 
LVL 15

Expert Comment

by:tim_cs
ID: 12327437
Don't know if this will help you out or not but check out the info from this link.

http://www.defusion.com/discussions/DisplayThread.cfm?ThreadID=1333
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12327912
The reason is because there are two copies of CFID and CFToken in the link. You can stop it by taking out URLToken out of the cflocations, as cflocation will put the URLToken in there.
0
 
LVL 7

Expert Comment

by:black0ps
ID: 12329295
OR you can use the attribute: addtoken="No" in the cflocation tag and keep the URLToken variable in the location attribute.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Michael_O
ID: 12331580
I have do all of them before posting, but it's a sometimes problem. sometime I get it and sometime do not get it.

0
 
LVL 7

Expert Comment

by:black0ps
ID: 12333150
When you get it, it's because there are two copies of CFID and CFToken in your URL. I believe that it is a bug in 6.1. When you get it, your URL will look something like:

http://www.mysite.com/index.cfm?CFID=123456&CFToken=1234&CFID=123456&CFToken=1234

It can happen when you have the following in your code:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#">

You can fix it with either of the two:

<cflocation url="http://www.mysite.com/index.cfm?#Client.URLToken#" addtoken="no">
<cflocation url="http://www.mysite.com/index.cfm">
0
 

Author Comment

by:Michael_O
ID: 12337432
I'm familiar with this bug and Sure that it's not the case! I didn't used any client variables and addtoken="no" was added to cflocation, but "sometimes" executing this code result in this error.
0
 
LVL 7

Accepted Solution

by:
black0ps earned 500 total points
ID: 12338865
Without knowing when it's executed, it's going to be extremely difficult for you to fix. If you can recreate the error, you should be able to fix it.

What you might to consider to entering a cferror into your Application.cfm page to catch the error when it shows up. Here is the code in my error page. This code will display a quick error message to the person receiving the error, then send me an email with the cferror diagnostic information, any form fields submitted, the query string to display any url variables submitted and deserialize the session structure to display (via the view source) any session variables that exist or don't exist. With this code, you would be able to track down when this error is occurring and on what page:

<cfmodule template="../Application.cfm">

<!--- Run Switchboard --->
<cfset Request.Title = "Error Occurred">
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->

<!--- Include Primary Navigation Content --->
<cfinclude template="/inc/dsp_top.cfm">

<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
<!--- Include Body Content --->
<cfmail
to = '#Application.Vars.Webmaster#'
from = '#Application.Vars.Webmaster#'
subject = "Web Site Error"
type="HTML">
<html>
<head>
<!--- Include local intranet base so scripts and images show up --->
<base href="http://technology/">
</head>
<body>
<table width="500" border="0" cellspacing="1" cellpadding="2" bgcolor="000000">
  <cfif IsDefined("Error.Browser")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Browser:</b></td>
    <td>#Error.Browser#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.DateTime")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Time:</b></td>
    <td>#LCase(TimeFormat(Error.DateTime, "h:mm t"))# - #DateFormat(Error.DateTime,
      "m/d/yyyy")#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.HTTPReferer")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Referer:</b></td>
    <td>#Error.HTTPReferer#</td>
  </tr>
      </cfif>
      <cfif IsDefined("Error.QueryString")>
  <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Query String:</b></td>
    <td>#Error.QueryString#</td>
  </tr>
      </cfif>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Server:</b></td>
    <td>#CGI.SERVER_NAME#</td>
  </tr>
  <cfif IsDefined("Error.Template")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>Error File:</b></td>
    <td>#Error.Template#</td>
  </tr>
      </cfif>
  <cfif IsDefined("Error.RemoteAddress")>
      <tr bgcolor="FFFFFF">
    <td nowrap align="right"><b>IP Address:</b></td>
    <td>#Error.RemoteAddress#</td>
  </tr>
      </cfif>
</table>
<cfif IsDefined("Error.Diagnostics")>
<p> <b>Diagnostic:</b><br>
  #Error.Diagnostics#</p>
</cfif>
<table width="500" border="0" cellspacing="1" cellpadding="0" bgcolor="000000">
  <tr valign="top" bgcolor="FFFFFF">
    <td width="250">
      <cfif IsDefined("Form.FieldNames")>
      <b>Form Fields</b><br>
      #LCase(Form.FieldNames)#
      <table width="250" border="0" cellspacing="0" cellpadding="2">
      <cfloop from="1" to="#ListLen(Form.FieldNames)#" index="i">
        <cfif ListGetAt(Form.FieldNames,i) Does Not Contain "." AND IsDefined(ListGetAt(Form.FieldNames,i))>
        <tr>
          <td align="right"><b>Form.#LCase(ListGetAt(Form.FieldNames,i))#:</b></td>
          <td>#Evaluate("Form." & ListGetAt(Form.FieldNames,i))#</td>
        </tr>
        </cfif>
      </cfloop>
      </table>
      <cfelse>&nbsp;
      </cfif>
    </td>
    <td width="250">
      <cfif IsDefined("Session")>
      <b>Session Variables</b><br>
      #LCase(StructKeyList(Session))#
        <table width="250" border="0" cellspacing="0" cellpadding="2">
      <tr>
     <form name="error" action="">
             <td align="right">
              <cfwddx action="CFML2WDDX" input="#Session#" output="serror">
             <textarea cols="60" rows="10">#serror#</textarea>                  
              </td>
                  </form>
        </tr>
      </table>
      <cfelse>&nbsp;
      </cfif>
      </td>
  </tr>
</table>
<b>Generated Content:</b>
</body>
</html>
<cfif IsDefined("Error.GeneratedContent")>#Error.GeneratedContent#</cfif></cfmail>
<cfoutput><div id="cbody">
We apologize for the inconvenience. It appears an error has occurred
within the web site.<br>
The system operator has been notified and the issue will be addressed shortly.<p>
<cfif IsDefined("Error.Diagnostics")><h4>Diagnostic:</h4>
<p>#Error.Diagnostics#</p></cfif>
</div>
</cfoutput>
<!---:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::--->
0

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now