Solved

ColdFusion URL Variables Appear?

Posted on 2013-02-02
7
341 Views
Last Modified: 2013-02-02
Hi,
This may be opening a can of worms - but here goes.

I have noticed that my ColdFusion application (V8.1) running on Windows Server 2003 (with IIS) often displays URLs as such:

http://www.myapp.com/blogs/myprog1.cfm?CFID=271943&CFTOKEN=44301668&jsessionid=f0305b61b428125824d7115820388337e31f

Or sometimes it will be displayed as :
http://www.myapp.com/blogs/myprog2-upload.cfm

I don't know what is causing the CF URL variables?.

Some notes:
-  I use CFlocate frequently to transfer to another program.  Sometime links.

-  I am using the CF admin option :
Use J2EE session variables  - as I want the session to end when the browser is closed (I don't know what else it's used for).

-  I do also drop cookies on the client periodically based on some code in my application.cfc.

I haven't included all the setting unless you would like to see them.

Any ideas?  I did find this from adobe but it was not clear to me:
http://forums.adobe.com/thread/116067
http://forums.adobe.com/message/35115


Thanks in advance,
hefterr
0
Comment
Question by:hefterr
  • 4
  • 3
7 Comments
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 38847007
It's most likely your cflocation code.  cflocation has a parameter named "addToken" which is true by default. When it (and session variables) are enabled, any call to cflocation also appends the session information to the URL.  If you're using j2ee sessions it appends the CFID, CFTOKEN and jSessionID. If not, it appends CFID& CFTOKEN.  

The reason for this feature is session variables require either cookies OR url variables to work. (Cookies are the default) The parameters you see in the URL identify the current user's session on the CF server.  By passing the tokens in the URL, session variables still work when cookies are disabled.

If you don't want them to appear in the url, change the addToken parameter to false

         ie <cflocation url="path/to/somePage.cfm" addToken="false">
0
 
LVL 1

Author Comment

by:hefterr
ID: 38847025
@_agx_
<cflocation url="path/to/somePage.cfm" addToken="false">

Will this ever cause a problem?

FYI.  I only have about 1,000 to modify :)

hefterr
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847034
Problem how?  The obvious result would be that features that use sessions would not work for users that disabled cookies.  But that's what you'd expect to happen :)

> FYI.  I only have about 1,000 to modify :)

If you use an IDE like CFEclipse that supports regex find/replace it's a breeze :)
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 1

Author Closing Comment

by:hefterr
ID: 38847077
Thanks!  - And congratulations on your new "Ace" title :)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847137
Lol, thanks.  It's funny I didn't even notice it until last week.  I went to donate some of my EE T-shirts to last month's charity drive and saw it and thought "when did that happen?" :)
0
 
LVL 1

Author Comment

by:hefterr
ID: 38847380
I received the monthly EE "newletter" email and it had you listed.  Very impressive!

FYI.  I think the cflocation is <cflocation url="myprog.cfm" addtoken="no">
0
 
LVL 52

Expert Comment

by:_agx_
ID: 38847483
Famous and I didn't even know it ;-) I'm embarrassed to say I rarely get a chance to catch up on all those.  I've got a ton of non-critical email that just piles up. I get to it like once or twice a year - if that! ;-)  Too much to read and not enough time.

>  <cflocation url="myprog.cfm" addtoken="no">

It should accept either "false" or "no".  But I remember there are still a few tags adobe forgot to update that will *only* accept "no". I don't think cflocation is one of them.  But I'd have to check to be 100% sure.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
I spent nearly three days trying to figure out how incorporate OAuth in Coldfusion for the Eventful API. Hopefully, this article will allow Coldfusion Programmers to buzz through the API when they need to. Basically, what this script does is authori…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question