Comments on: CFLOCATION behavior change in CFMX7 http://awads.net/wp/2005/06/29/cflocation-behavior-change-in-cfmx7/ News, views, tips and tricks on Oracle and other fun stuff Thu, 18 Mar 2010 16:44:12 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Marcel http://awads.net/wp/2005/06/29/cflocation-behavior-change-in-cfmx7/comment-page-1/#comment-49987 Marcel Wed, 13 Sep 2006 22:57:53 +0000 http://awads.net/wp/?p=42#comment-49987 <p>I started to type a long story describing my problem i was working on... Then suddenly, it the cause popped into my head... I just tried and indeed it was the problem...</p> <p>Let me now explain, maybe other people can use it, as i was 5 hours busy with it:</p> <p>If you have a referring URL on another site like:</p> <p>http://online-image-editor.com/index.cfm?fa=image_editor&id=aaaaa The visitor is entering with that path.</p> <p>Now i add some session variables, and the next thing i redirect it with cflocation to: http://www.online-image-editor.com/index.cfm</p> <p>If you do this with Explorer browser, things work fine. However, if you do this with a FireFox browser, things will fail :-(</p> <p>For some reason Colffusion is giving different session id's to FireFox when the URL is with 'www' or without it.</p> <p>So when the visitor first visits the page with URL http://online-image-editor.com/ the session id gets different when it is 'redirected' to http://www.online-image-editor.com. Thus failing then to retrieve the session variables you just put before the redirect.</p> <p>I hope you have use from this information</p> I started to type a long story describing my problem i was working on… Then suddenly, it the cause popped into my head… I just tried and indeed it was the problem…

Let me now explain, maybe other people can use it, as i was 5 hours busy with it:

If you have a referring URL on another site like:

http://online-image-editor.com/index.cfm?fa=image_editor&id=aaaaa The visitor is entering with that path.

Now i add some session variables, and the next thing i redirect it with cflocation to: http://www.online-image-editor.com/index.cfm

If you do this with Explorer browser, things work fine. However, if you do this with a FireFox browser, things will fail :-(

For some reason Colffusion is giving different session id’s to FireFox when the URL is with ‘www’ or without it.

So when the visitor first visits the page with URL http://online-image-editor.com/ the session id gets different when it is ‘redirected’ to http://www.online-image-editor.com. Thus failing then to retrieve the session variables you just put before the redirect.

I hope you have use from this information

]]> By: Ray Horn http://awads.net/wp/2005/06/29/cflocation-behavior-change-in-cfmx7/comment-page-1/#comment-432 Ray Horn Tue, 06 Dec 2005 15:08:04 +0000 http://awads.net/wp/?p=42#comment-432 <p>Yes, but if you encrypt the string as a series of Hex digits rather than the default method there should be no problems in passing the encrypted Hex digit format via a URL.</p> Yes, but if you encrypt the string as a series of Hex digits rather than the default method there should be no problems in passing the encrypted Hex digit format via a URL.

]]> By: Eddie http://awads.net/wp/2005/06/29/cflocation-behavior-change-in-cfmx7/comment-page-1/#comment-21 Eddie Wed, 06 Jul 2005 23:10:12 +0000 http://awads.net/wp/?p=42#comment-21 <p>The problem is that any encrypted string that contains carriage return (CR) and line feed (LF) characters will fail. For example, the following will not work with ColdFusion MX 7 even if you URLEncode the encrypted string:</p> <pre><code>template1.cfm --------------- <cfset docid = encrypt ( '12345','password')> <cflocation url = 'template2.cfm?docid=#urlencodedformat(docid)#' addtoken='Yes'> template2.cfm --------------- <cfset docid = decrypt(url.docid,'password')> <cfoutput>docid=#docid#</cfoutput> </code></pre> <p>Now, following Matt Robertson's advice, you could change the way the string is encrypted. By tweaking the example above, we can make it work:</p> <pre><code>template1.cfm --------------- <cfset docid = encrypt ( '12345', 'password', 'BLOWFISH', 'Hex')> <cflocation url = 'template2.cfm?docid=#urlencodedformat(docid)#' addtoken='Yes'> template2.cfm --------------- <cfset docid = decrypt(url.docid, 'password', 'BLOWFISH', 'Hex')> <cfoutput>docid=#docid#</cfoutput> </code></pre> <p>I'm not sure whether this is a full proof solution or not, but at least it works in this example.</p> The problem is that any encrypted string that contains carriage return (CR) and line feed (LF) characters will fail. For example, the following will not work with ColdFusion MX 7 even if you URLEncode the encrypted string:

template1.cfm
---------------
<cfset docid = encrypt ( '12345','password')>
<cflocation 
url = 'template2.cfm?docid=#urlencodedformat(docid)#'
addtoken='Yes'>

template2.cfm
---------------
<cfset docid = decrypt(url.docid,'password')>
<cfoutput>docid=#docid#</cfoutput>

Now, following Matt Robertson’s advice, you could change the way the string is encrypted. By tweaking the example above, we can make it work:

template1.cfm
---------------
<cfset docid = 
 encrypt ( '12345', 'password', 'BLOWFISH', 'Hex')>
<cflocation 
url = 'template2.cfm?docid=#urlencodedformat(docid)#'
addtoken='Yes'>

template2.cfm
---------------
<cfset docid = 
decrypt(url.docid, 'password', 'BLOWFISH', 'Hex')>
<cfoutput>docid=#docid#</cfoutput>

I’m not sure whether this is a full proof solution or not, but at least it works in this example.

]]> By: Matt Robertson http://awads.net/wp/2005/06/29/cflocation-behavior-change-in-cfmx7/comment-page-1/#comment-20 Matt Robertson Wed, 06 Jul 2005 21:55:52 +0000 http://awads.net/wp/?p=42#comment-20 <p>You could also change your encryption so that you are creating a url-safe string.</p> You could also change your encryption so that you are creating a url-safe string.

]]>