Solved

ColdFusion URL Variables Appear?

Posted on 2013-02-02
7
340 Views
Last Modified: 2013-02-02
Hi,
This may be opening a can of worms - but here goes.

I have noticed that my ColdFusion application (V8.1) running on Windows Server 2003 (with IIS) often displays URLs as such:

http://www.myapp.com/blogs/myprog1.cfm?CFID=271943&CFTOKEN=44301668&jsessionid=f0305b61b428125824d7115820388337e31f

Or sometimes it will be displayed as :
http://www.myapp.com/blogs/myprog2-upload.cfm

I don't know what is causing the CF URL variables?.

Some notes:
-  I use CFlocate frequently to transfer to another program.  Sometime links.

-  I am using the CF admin option :
Use J2EE session variables  - as I want the session to end when the browser is closed (I don't know what else it's used for).

-  I do also drop cookies on the client periodically based on some code in my application.cfc.

I haven't included all the setting unless you would like to see them.

Any ideas?  I did find this from adobe but it was not clear to me:
http://forums.adobe.com/thread/116067
http://forums.adobe.com/message/35115


Thanks in advance,
hefterr
0
Comment
Question by:hefterr
  • 4
  • 3
7 Comments
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 38847007
It's most likely your cflocation code.  cflocation has a parameter named "addToken" which is true by default. When it (and session variables) are enabled, any call to cflocation also appends the session information to the URL.  If you're using j2ee sessions it appends the CFID, CFTOKEN and jSessionID. If not, it appends CFID& CFTOKEN.  

The reason for this feature is session variables require either cookies OR url variables to work. (Cookies are the default) The parameters you see in the URL identify the current user's session on the CF server.  By passing the tokens in the URL, session variables still work when cookies are disabled.

If you don't want them to appear in the url, change the addToken parameter to false

         ie <cflocation url="path/to/somePage.cfm" addToken="false">
0
 
LVL 1

Author Comment

by:hefterr
ID: 38847025
@_agx_
<cflocation url="path/to/somePage.cfm" addToken="false">

Will this ever cause a problem?

FYI.  I only have about 1,000 to modify :)

hefterr
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847034
Problem how?  The obvious result would be that features that use sessions would not work for users that disabled cookies.  But that's what you'd expect to happen :)

> FYI.  I only have about 1,000 to modify :)

If you use an IDE like CFEclipse that supports regex find/replace it's a breeze :)
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 1

Author Closing Comment

by:hefterr
ID: 38847077
Thanks!  - And congratulations on your new "Ace" title :)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847137
Lol, thanks.  It's funny I didn't even notice it until last week.  I went to donate some of my EE T-shirts to last month's charity drive and saw it and thought "when did that happen?" :)
0
 
LVL 1

Author Comment

by:hefterr
ID: 38847380
I received the monthly EE "newletter" email and it had you listed.  Very impressive!

FYI.  I think the cflocation is <cflocation url="myprog.cfm" addtoken="no">
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847483
Famous and I didn't even know it ;-) I'm embarrassed to say I rarely get a chance to catch up on all those.  I've got a ton of non-critical email that just piles up. I get to it like once or twice a year - if that! ;-)  Too much to read and not enough time.

>  <cflocation url="myprog.cfm" addtoken="no">

It should accept either "false" or "no".  But I remember there are still a few tags adobe forgot to update that will *only* accept "no". I don't think cflocation is one of them.  But I'd have to check to be 100% sure.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, I was working on some optimization and spam-stopping techniques when I encountered Ben Nadel's post to reduce spam feature using Math (http://www.bennadel.com/blog/197-How-I-Stop-Spammers-On-My-ColdFusion-Blog.htm). While this method is not o…
This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question