Solved

ColdFusion URL Variables Appear?

Posted on 2013-02-02
7
337 Views
Last Modified: 2013-02-02
Hi,
This may be opening a can of worms - but here goes.

I have noticed that my ColdFusion application (V8.1) running on Windows Server 2003 (with IIS) often displays URLs as such:

http://www.myapp.com/blogs/myprog1.cfm?CFID=271943&CFTOKEN=44301668&jsessionid=f0305b61b428125824d7115820388337e31f

Or sometimes it will be displayed as :
http://www.myapp.com/blogs/myprog2-upload.cfm

I don't know what is causing the CF URL variables?.

Some notes:
-  I use CFlocate frequently to transfer to another program.  Sometime links.

-  I am using the CF admin option :
Use J2EE session variables  - as I want the session to end when the browser is closed (I don't know what else it's used for).

-  I do also drop cookies on the client periodically based on some code in my application.cfc.

I haven't included all the setting unless you would like to see them.

Any ideas?  I did find this from adobe but it was not clear to me:
http://forums.adobe.com/thread/116067
http://forums.adobe.com/message/35115


Thanks in advance,
hefterr
0
Comment
Question by:hefterr
  • 4
  • 3
7 Comments
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 38847007
It's most likely your cflocation code.  cflocation has a parameter named "addToken" which is true by default. When it (and session variables) are enabled, any call to cflocation also appends the session information to the URL.  If you're using j2ee sessions it appends the CFID, CFTOKEN and jSessionID. If not, it appends CFID& CFTOKEN.  

The reason for this feature is session variables require either cookies OR url variables to work. (Cookies are the default) The parameters you see in the URL identify the current user's session on the CF server.  By passing the tokens in the URL, session variables still work when cookies are disabled.

If you don't want them to appear in the url, change the addToken parameter to false

         ie <cflocation url="path/to/somePage.cfm" addToken="false">
0
 
LVL 1

Author Comment

by:hefterr
ID: 38847025
@_agx_
<cflocation url="path/to/somePage.cfm" addToken="false">

Will this ever cause a problem?

FYI.  I only have about 1,000 to modify :)

hefterr
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847034
Problem how?  The obvious result would be that features that use sessions would not work for users that disabled cookies.  But that's what you'd expect to happen :)

> FYI.  I only have about 1,000 to modify :)

If you use an IDE like CFEclipse that supports regex find/replace it's a breeze :)
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 1

Author Closing Comment

by:hefterr
ID: 38847077
Thanks!  - And congratulations on your new "Ace" title :)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847137
Lol, thanks.  It's funny I didn't even notice it until last week.  I went to donate some of my EE T-shirts to last month's charity drive and saw it and thought "when did that happen?" :)
0
 
LVL 1

Author Comment

by:hefterr
ID: 38847380
I received the monthly EE "newletter" email and it had you listed.  Very impressive!

FYI.  I think the cflocation is <cflocation url="myprog.cfm" addtoken="no">
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847483
Famous and I didn't even know it ;-) I'm embarrassed to say I rarely get a chance to catch up on all those.  I've got a ton of non-critical email that just piles up. I get to it like once or twice a year - if that! ;-)  Too much to read and not enough time.

>  <cflocation url="myprog.cfm" addtoken="no">

It should accept either "false" or "no".  But I remember there are still a few tags adobe forgot to update that will *only* accept "no". I don't think cflocation is one of them.  But I'd have to check to be 100% sure.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hi. There are several upload tutorials using jquery and coldfusion. I found a very interesting one here Upload Your Files using Jquery & ColdFusion and Preview them (http://www.randhawaworld.com/) . I did keep the main js functions but made sever…
Recently while working on a project I got a very annoying cfdocument has no body error message. I had never seen this error before. So I checked the code. The code was pretty simple; it was Just showing me the cfdocumnt tag and inside that tag a …
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now