?
Solved

URLSessionFormat Not doing its job

Posted on 2005-03-21
19
Medium Priority
?
266 Views
Last Modified: 2013-12-24
Every single URL on my website is set up to use URLSessionFormat.

Whenever a visitor first arrives on my page all the links for the entire visit are set up with the CFIDs and tokens independant of the users cookie acceptance. All subsequent visits have the information removed unless the user does not accept cookies, i.e. it works properly.

So what is going on here? We aren't using UUIDs. That's about all the info I have. Thanks!
0
Comment
Question by:jtreher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 3
  • +1
19 Comments
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 13595638
How about displaying what you have in your "Application.cfm"?

You need to make sure you have your sessionmanagement enabled there.

Then if you could display some code maybe there's an error in passing your info?

We can't say for sure what's wrong unless we can see the script causing the problem :o)

Regards,
~trail
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 13596565
Yep the problem sounds like it is in your application.cfm
0
 
LVL 5

Author Comment

by:jtreher
ID: 13601023
<cfapplication name="SISGGI" sessionmanagement="yes" clientmanagement="no"
setclientcookies="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
applicationtimeout="#CreateTimeSpan(0,0,30,0)#"  >

What error passing info?

The tag works correctly on all successive visits. #urlsessionformat()# is adding info upon first visit. So I'm not sure what data would be passed.
0
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

 
LVL 5

Author Comment

by:jtreher
ID: 13601340
Perhaps I should add that all of my session management is working fine. The problem is not affecting the application necessarily, it is just that URLSessionFormat is giving out everybodies IDs on a first visit. So what I'm going to end up with is confused users and possible session hijacking for all first time visitors. Plus, they may not even need their sessions unless they login, however, all templates have the potential for logged in user usage so they all must maintain state.
0
 
LVL 5

Author Comment

by:jtreher
ID: 13601454
everybody's
0
 
LVL 7

Accepted Solution

by:
black0ps earned 2000 total points
ID: 13602213
I might not be understanding this post, but a visitor won't have a cookie set until the second page of your application. Cookies are set after the first page loads. If your app is looking for the cfid and cftoken cookies on the first page and displaying URLSessionFormat based on this, it will display it for every new user without those cookies.

Perhaps work out a solution like this:

<cfif Client.HitCount LT 1 AND CGI.Referer Does Not Contain CGI.Server_Name>
<!--- Give visitor a chance to set client cookies.
<cfheader name="location" value="/shopping/account/dfx/cfid/#Client.CFID#/cftoken/#Client.CFToken#/error/#URLEncodedFormat(Attributes.Error)#/">
<cfheader statuscode="302" statustext="Document Moved">
<cfabort>
</cfif>

Hope that helps you out.
-- Ian
0
 
LVL 5

Author Comment

by:jtreher
ID: 13602389
Well, I did try to force a cookie in the Application.cfm file and that still didn't work. I can understand it not working for the first page, i.e. all the session info being appended on the first page of the first visit, but why aren't all successive pages' URLs served as normal? The cookie should be set, right? Unless URLSessionFormat works on a session basis which seems funny because it is a tag that is supposed to be independant of state.

So you solution is to basically get these people to visit a page without touching a URL and then instantly bring them back to the page they were oringially.

I was thinking that I would need to do something like create a session, destroy the session and then allow then redirect them back to the original page. This would be for first visits only, but I don't know how I would manage all that.

If URLSessionFormat works on a non-session visit, then this might work, but I couldn't get it to return my URLs back to normal as a cookie accepting user until I visited and then closed my browser.

Thanks for your posts, I'm sure we will narrow this down.
0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 13603022
Well what is it you are trying to do as far as your page function??

You have a user come to your site, login, and go about their way....??  or is this an application for a page... how is what you are doing suppose to be used, perhaps we could offer a better solution form experience, we know that will work for what you are trying to do? If we knew where you were going with it, maybe we'd have a better way of you getting there...

Regards,
~trail
0
 
LVL 5

Author Comment

by:jtreher
ID: 13613771
Hi there,

I have a shopping cart system that needs to maintain session information. A user should be able to view and add to cart without being logged in. This is a traditional website with an ecommerce side. Let's say a user comes to the homepage. They would not need to know their session information, but then let's say a user adds something to his or her cart, then the user goes back tot he home page - they would need their session info passed at this point in time if they did not have cookies. Since URLSessionFormat works on each URL, I don't think that URLSessionFormat is going to work.

Basically, if a user is going to log in and access account functions or add stuff to their cart, I need to track sessions. If not, I don't care. But I kind of have to place with the highest denominator here, which is the user that requires session info for pages that can be either or.

Thanks!
0
 
LVL 5

Author Comment

by:jtreher
ID: 13729842
I am not accepting any of these answers. Question is closed. I've decided to abandon this idea and implement a rule requiring cookies to access user profiles/shopping carts.
0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 13730105
I'm confused..

Just curious, what is the need for URLSessionFormat?

If you want to track a shopping cart without a user being logged in, use session management... they don't have to be logged in for that.

then when they log in for say purchasing what they have in their cart, then apply the session variables...

you can turn on session management in your application.cfm..

<cfapplication name="YourInfo"
sessionmanagement="Yes"
sessiontimeout=#CreateTimeSpan(0,0,45,0)#>

You can use these session.variables then however you like in your pages, it will keep account for what they have added to a cart. The if you want to delete the info then use a structdelete().

it's a pretty basic idea :o)
0
 
LVL 5

Author Comment

by:jtreher
ID: 13730131
Users that don't accept cookies lose their session information from page to page. Of course I'm using session management, it is indeed a very basic idea!
0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 13731281
you could set this in your application.cfm, just an idea, I'm still not sure exactly where you're running into an issue, or if this will resolve your issue?


<cfapplication name="SISGGI"
      sessionmanagement="yes"
      loginStorage = "session"
      clientStorage = "registry"
      clientmanagement="no"
      setclientcookies="yes"
      sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
      applicationtimeout="#CreateTimeSpan(0,0,30,0)#"  >

~trail




0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 13922401
jtreher,

 Do you still need help with your question? lemme know :o)

~trail
0
 
LVL 5

Author Comment

by:jtreher
ID: 13945703
I've just set code to force users to acceppt cookies or not be allowed to use the features. I don't think support for URLSessionManagement is exactly there yet. I don't know who to assign points to because none of these were really solutions. It seems like everyone thought that my session management wasn't working when indeed it was as I tried to explain.

This was strictly a what do do about users that don't accept my CFID token cookies without annoying the users that do accept them.
0
 
LVL 7

Expert Comment

by:black0ps
ID: 13945831
With due respect, your original posting indicated you were looking to find out what was going on based on the four sentences of information. Trail had a lot of good information (what you had originally asked for) in response to this question; it seems unfair to change the question mid-way through the game. At the very least, it doesn't help you in the future if you ask a question; experts may not be so eager to assist.
0
 
LVL 5

Author Comment

by:jtreher
ID: 13945929
After reconsidering, the best answer was that a user doesn't have a cookie on their first visit to a page. It gets set, but by then it already too late for coldfusion. For the duration of the session coldfusion will add the CFID and token to the URL because URLSessionFormat must make up its mind about the user on first glance. It is rather pagist in that respect!
0
 
LVL 7

Expert Comment

by:black0ps
ID: 13945979
There certainly are some quarky things about CF when it comes to cookies; cookies altogether are a cloudy subject. Thanks for reconsidering for an answer.

-- Ian
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month8 days, 10 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question