MrBuzzy

Recent Blog Comments By MrBuzzy

• ColdFusion Query Error: Value Can Not Be Converted To Requested Type

  Posted on Jan 9, 2011 at 8:18 PM

  Thanks for this post, very helpful. I was looking for a way to flush this DB/query cache. It looks like the way to do it is 'suspend all client connections' on the datasource. Then re-run your query, then re-enable connections. Maybe.... read more »

• The Same CFID-CFTOKEN Values Are Used Across ColdFusion Session Timeouts

  Posted on Mar 23, 2009 at 6:33 PM

  @ Tim (and @Ben), yes it is exploitable. Note: There is a tick option in ColdFusion Administrator 'Use UUID for cftoken'. This makes the cftoken unique and harder to guess. I haven't found a reason not to use this setting ever. Has anyone?... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 3:26 PM

  Sigh, sorry, one last stab... @Ray I feel like we're talking about different things. I'm not stating a preference for safely or performance, I'm saying CF Server is built to work that way, as a guessed explanation of this 'bug' being discussed. Do some tests on pages without frames, try repetitive... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 3:08 PM

  @Ray I'm happy to disagree, maybe Ben can talk you round :) G'night. ps: you guys are now just describing how session management works :P Browsers are quirky, just don't use frames.... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 2:55 PM

  @Ray the latter is really the only viable way, from the perspective of building ColdFusion server to be rock solid. Which it is (as much as any other technology). Okay, that sounds sucky. Not going back now. Ben is free to risk swamping his servers with impatient/duplicate requests :) But it doesn'... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 2:23 PM

  Hi, I hope you can hear me out here (445am in Oz) - I don't actually think this is a 'bug' at all. It's the right behaviour and it protects the health of the server. Ben, lets say we put your locking mechanism in to production: It's a busy day, something's running slow. A few users get impatient wa... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 11:46 AM

  @Lee, well, yes that is the non-j2ee behaviour. (it's an option in cfadministrator). When j2ee sessions are on, the cookie is not persisted.... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 11:42 AM

  btw, I'm a slow typist and none of you had commented when I started :) Ditch that cfreturn tag is all I've got.... read more »

• ColdFusion Session Management And Asynchronous Page Requests

  Posted on Mar 20, 2009 at 11:29 AM

  I almost didn't believe my eyes :) Do you have j2ee sessions enabled? I'm thinking about the cookie that identifies the session. When a session starts, the cookie is returned to the client, to be passed on the next request. Or at least, that happens when the j2ee session (jsessionid) is created. M... read more »