 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / ColdFusion / Server Administration / August 2006Major Bug With Client Var Storage in MX 7.0.2?
I think I found what looks to be a pretty big bug regarding client variable storage in CFMX. Strangely, the bug actually exists in both CFMX 6.1 and CFMX 7.0.2 (the two versions I'm testing against), but only crops up in 7.0.2. Further, you'll note that I'm saying it's a client variable issue (it is), but the bug seems to be with the JSESSIONID, which I thought only pertained to session variables. My problem statement is that client variables are "disappearing" after being set. In a nutshell, I log in to my site, which sets a couple of client variables, and then when I navigate another page on the site, the client variables are no longer in existence (it looks as if I've never logged in before). I'm running CFMX 7.0.2 Enterpise (WAR deployment) on Red Hat Enterprise Linux 4.0 (Update 3) using the internal JRun web server and using J2EE session variables. After a bit of detective work, I noticed while examining the HTTP headers on my initial visit to the site (with no existing cookie set) that the JSESSIONID is being set *twice* when I first hit my site. However, one JSESSIONID is being stored in the cglobal table while the other JSESSIONID is being stored in the actual cookie, which causes subsequent lookups to mismatch. Hence, it looks as if I've never logged in before. Here's the relevent header information when first visiting the site: HTTP/1.x 200 OK Set-Cookie: CFID=102;expires=Thu, 14-Aug-2036 13:20:27 GMT;path=/ Set-Cookie: CFTOKEN=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5;expires=Thu,14-Aug- 2036 13:20:27 GMT;path=/ Set-Cookie: JSESSIONID=583033e973025152237c;path=/ Set-Cookie: JSESSIONID=58306b4060d425456d5c;path=/ Date: Tue, 22 Aug 2006 13:20:27 GMT Content-Language: en-US Content-Type: text/html; charset=UTF-8 Connection: close Server: JRun Web Server See how there are two Set-Cookie directives for the JSESSIONID? The interesting part is that CFMX 6.1 (on Solaris, at least) does the same exact thing as far as the double Set-Cookie directives go. However, here's where MX 6.1 and MX 7.0.2 differ... If you examine what gets set in the actual cookie vs. what gets stored in the "data" column in the cglobal table in MX 7.0.2, you'll see this (based on the above header info): urltoken=CFID#=102&CFTOKEN#=66021081eab5f673-3609FCE3-CF52-FC2B-25E974A728406FC5 &jsessionid#=583033e973025152237c#lastvisit={ts'2006-08-22 09:20:27'}#timecreated={ts '2006-08-2209:20:26'}#hitcount=2#cftoken=66021081eab5f673-3609FCE3-CF52-FC2B-25E 974A728406FC5#cfid=102# The key bit there is the JSESSIONID value, which is set to 583033e973025152237c. However, the cookie's JSESSIONID value is 58306b4060d425456d5c. Doing the same comparison using CMFX 6.1, this is the HTTP header info: HTTP/1.x 200 OK Set-Cookie: CFID=3499;expires=Thu, 14-Aug-2036 13:31:50 GMT;path=/ Set-Cookie: CFTOKEN=525ea9a5badb14f2-36146ADA-DCAC-CE63-1706ADD070C8F8E1;expires=Thu,14-Aug- 2036 13:31:50 GMT;path=/ Set-Cookie: JSESSIONID=86308f1257484a747d6c;path=/ Set-Cookie: JSESSIONID=8630627b049162583e68;path=/ Date: Tue, 22 Aug 2006 13:31:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Server: JRun Web Server And this is the cglobal.data column value: urltoken=CFID#=3499&CFTOKEN#=525ea9a5badb14f2-36146ADA-DCAC-CE63-1706ADD070C8F8E 1&jsessionid#=8630627b049162583e68#lastvisit={ts'2006-08-22 09:32:03'}#timecreated={ts '2006-08-2209:31:50'}#hitcount=9#cftoken=525ea9a5badb14f2-36146ADA-DCAC-CE63-170 6ADD070C8F8E1#cfid=3499# And the cookie's JSESSIONID value is 8630627b049162583e68. Notice the key change in behavior between MX 6.1 and MX 7.0.2? In 6.1, even though two Set-Cookie directives were being set, the client variable storage logic was at least consistently using the second JSESSIONID value. In 7.0.2, it appears that the first JSESSIONID value is being stored in the cglobal table while the second JSESSIONID value is being stored in the cglobal table. Here's where the plot thickens even further... Even though my client variables are not being returned on subsequent clicks through my site (it's telling me I'm not logged in), the CFID/CFTOKEN/JSESSIONID values are *not* being re-set on each page call. In fact, if I query the cglobal table directly based on my CFID/CFTOKEN, the hitcount and lvisit values are actually being updated!!! This is a major showstopper in our migration process. Can anybody poke a hole in my setup/logic and point out something I'm doing wrong? The craziest part about it, to me, is that it's the client variables that are disappearing even though it looks like the culprit is the JSESSIONID value. I've even tried turning off J2EE session variables and the same exact problem occurs. Regards, Dave. > I think I found what looks to be a pretty big bug regarding client variable > storage in CFMX. Strangely, the bug actually exists in both CFMX 6.1 and CFMX [quoted text clipped - 3 lines] > session variables. My problem statement is that client variables are > "disappearing" after being set. > Set-Cookie: JSESSIONID=583033e973025152237c;path=/ > Set-Cookie: JSESSIONID=58306b4060d425456d5c;path=/ > This is a major showstopper in our migration process. Can anybody poke a hole > in my setup/logic and point out something I'm doing wrong? Your analysis appears correct. However, what you have not ruled out is that it is an issue with your code. Can you provide a self-contained test-case, for instance an application.cfm and a page1.cfm and a page2.cfm so we can try to reproduce this? Jochem  SignatureJochem van Dieten Adobe Community Expert for ColdFusion Hi Jochem. As for a repro, in a word, "no." It's not because I haven't spent the couple of hours trying to put something together for you. It's because the repro I put together is working as intended! There's something about the Application.cfm file in my web root that is causing issues (and I can't post it publicly due to company policies). In my repro, I created a sub-directory with its own Application.cfm file and copy-and-pasted in the <cfapplication> tag, and the client variables set correctly and the Set-Cookie directive for the JSESSIONID only fired once. I also did a <cfinclude> of the web root's Application.cfm file in the sub-directory's Application.cfm file and it worked without issue as well. I think I uncovered the bug with the double Set-Cookie directive though. If I called my site's root directory without specifying a file name (i.e., index.cfm), that's when the double Set-Cookie occurs. Put another way, if I leave it to ColdFusion to add the filename to the URL, and this is the first time to the site, the internal JWS will call Set-Cookie twice and set two different JSESSIONID values. Check this header difference out: Just calling the site root, i.e., www.mysite.com: HTTP/1.x 200 OK Set-Cookie: CFID=404;expires=Thu, 14-Aug-2036 18:06:51 GMT;path=/ Set-Cookie: CFTOKEN=8807b415abf291e4-371031FB-F618-83EA-FC2A63C95C695DE2;expires=Thu, 14-Aug-2036 18:06:51 GMT;path=/ Set-Cookie: JSESSIONID=5830c6af87347653162d;path=/ Set-Cookie: JSESSIONID=58306716ee5147312325;path=/ Date: Tue, 22 Aug 2006 18:06:51 GMT Transfer-Encoding: chunked Content-Language: en-US Content-Type: text/html; charset=UTF-8 Connection: close Server: JRun Web Server and when I specify a file name, i.e., www.mysite.com/index.cfm HTTP/1.x 200 OK Set-Cookie: CFID=403;expires=Thu, 14-Aug-2036 18:06:00 GMT;path=/ Set-Cookie: CFTOKEN=198147223344b822-370F6E0F-FA8D-A3A1-7DBB7449B52B95E0;expires=Thu, 14-Aug-2036 18:06:00 GMT;path=/ Set-Cookie: JSESSIONID=583084a34ff3c7d7f4e3;path=/ Date: Tue, 22 Aug 2006 18:06:00 GMT Transfer-Encoding: chunked Content-Language: en-US Content-Type: text/html; charset=UTF-8 Connection: close Server: JRun Web Server Note the double Set-Cookie in the site root call. I think I'm onto two issues, but since the client variable issue is the more "visible" problem, it made it look like the Set-Cookie was affecting the client variables. I know for sure that the Set-Cookie issue has nothing to do with the client variable issue because once I call my pages using a filename (and see that only on Set-Cookie is made), I still have the same issue where the client variables are not available anymore. Regards, Dave. > I think I uncovered the bug with the double Set-Cookie directive though. If I > called my site's root directory without specifying a file name (i.e., [quoted text clipped - 12 lines] > Set-Cookie: JSESSIONID=5830c6af87347653162d;path=/ > Set-Cookie: JSESSIONID=58306716ee5147312325;path=/ > and when I specify a file name, i.e., www.mysite.com/index.cfm > [quoted text clipped - 4 lines] > 14-Aug-2036 18:06:00 GMT;path=/ > Set-Cookie: JSESSIONID=583084a34ff3c7d7f4e3;path=/ Is the complete application.cfm executed twice perhaps? Put a cflog in it and that should be pretty obvious. Also, what is in the cgi variables and specifically in cgi.path_translated? > I think I'm onto two issues, but since the client variable issue is the more > "visible" problem, it made it look like the Set-Cookie was affecting the client > variables. I know for sure that the Set-Cookie issue has nothing to do with the > client variable issue because once I call my pages using a filename (and see > that only on Set-Cookie is made), I still have the same issue where the client > variables are not available anymore. Can you approach this from the database side, i.e. turn up debugging in the database and see which queries are executed to store and retrieve the client variables? Jochem SignatureJochem van Dieten Adobe Community Expert for ColdFusion Ahhhhh Jochem...you're on to something. Sure enough, the Application.cfm is definitely getting hit on each call. I put in a cflog as you suggested and two hits to the log file occur on each call. The question now becomes: Why? I grep-ed my code and I'm not explicitly calling the Application.cfm file anywhere (not that you can anyway, to my knowledge. I first thought it was because I had an include of an environment.cfm file in the Application.cfm file (which simply contains the <cfapplication> tag directive), but even when I put its contents directly into the Application.cfm file, the log file gets hit twice. In reference to your second question about digging into the client variable queries, I downloaded the SeeFusion trial and installed the JDBC wrapper around the client storage datasource. The queries look good, and, sure enough, when I use the SeeFusion datasource for my client storage value, the client variables stick as they should!! However, once I switch back to the regular datasource (that uses the standard DataDirect driver that comes with CFMX), the client vars disappear again. So there's progress, but I'm not sure what to make of all of it just yet! I'm especially baffled at the double Application.cfm hit. Thanks for the continued help. Regards, Dave. Oh yeah, as a follow-up to the client storage datasource working when using SeeFusion's JDBC wrapper vs. the CFMX driver, here's the two JDBC URLs, if that helps: SeeFusion: jdbc:seefusion:wrapper:{jdbc:macromedia:oracle://xxx:1526; SID=xxxxx; sendStringParametersAsUnicode=false; MaxPooledStatements=0}; CFMX Driver: jdbc:macromedia:oracle://dev3:1526;SID=reisdev;sendStringParametersAsUnicode=fal se;MaxPooledStatements=300 I don't know what the difference is between having MaxPoolStatements=0 vs. 200 is, but I don't think that's the issue, is it? Regards, Dave. > Ahhhhh Jochem...you're on to something. Sure enough, the Application.cfm is > definitely getting hit on each call. I put in a cflog as you suggested and two > hits to the log file occur on each call. The question now becomes: Why? I > grep-ed my code and I'm not explicitly calling the Application.cfm file > anywhere (not that you can anyway, to my knowledge. You can cfinclude Application.cfm in another template. (It is pretty common to create a form of inheritance by putting a cfinclude of ../Application.cfm in your Application.cfm.) I have had this problem once in my development environment. When I requested a directory listing of a directory with only an Application.cfc in it I got an error because Application.cfc was exected. I just kicked of the batchfile to rebuild the environment and went for coffee, and when I came back the problem was gone so I never reported it to Adobe. Do you have a 404 handler? Is your browser requesting a favicon? Can you install the livehttpheaders plugin for Firefox and test again to make sure that your browser is not issueing 2 requests? > In reference to your second question about digging into the client variable > queries, I downloaded the SeeFusion trial and installed the JDBC wrapper around [quoted text clipped - 3 lines] > (that uses the standard DataDirect driver that comes with CFMX), the client > vars disappear again. But what if you push up logging in your database itself to log every query? Jochem SignatureJochem van Dieten Adobe Community Expert for ColdFusion Hi Jochem. First off, sorry for the delay. I was out of the office for a few days and didn't have access to my machine for testing. Anyway, to your questions... Yeah, I'm aware of the cfinclude of an Application.cfm within another. I do it myself with a couple of my site's sub-applications, but I'm just not doing that in this case. No, I do not have a 404 error handler because this is just my test development server (where I want to see the raw error, as you can imagine). Yes, I do have a favicon.ico set up, but since the JRun web server is only looking for .cfm and .cfc file extensions to process requests, this shouldn't matter, should it? I've been using the LiveHTTPHeaders plugin all along because that's really the only HTTP header traffic sniffer that I've used that is easy to use. I have indeed verified that only one call is being made initially, though I do still see the double Set-Cookie for the JSESSIONID value. Here's the header info: http://beast:8200/ GET / HTTP/1.1 Host: beast:8200 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 30 Connection: keep-alive Cookie: CFTOKEN=cd66f9c3ae893ece-387E344E-CF17-972D-DF98CD673C3286F7; CFID=512; CFADMIN_LASTPAGE=%2FCFIDE%2Fadministrator%2Freports%2Findex%2Ecfm HTTP/1.x 200 OK Set-Cookie: JSESSIONID=58304dfaaee416a23179;path=/ Set-Cookie: JSESSIONID=5830e0e55e3c76195d7f;path=/ Date: Mon, 28 Aug 2006 15:42:59 GMT Transfer-Encoding: chunked Content-Language: en-US Content-Type: text/html; charset=UTF-8 Connection: close Server: JRun Web Server The very next header, incidentally, after the above call is the favicon.ico call: http://beast:8200/favicon.ico GET /favicon.ico HTTP/1.1 Host: beast:8200 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 Accept: image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 30 Connection: keep-alive Cookie: CFTOKEN=cd66f9c3ae893ece-387E344E-CF17-972D-DF98CD673C3286F7; CFID=512; CFADMIN_LASTPAGE=%2FCFIDE%2Fadministrator%2Freports%2Findex%2Ecfm; JSESSIONID=5830e0e55e3c76195d7f HTTP/1.x 200 OK Last-Modified: Wed, 09 Feb 2005 15:33:28 GMT Connection: close Date: Mon, 28 Aug 2006 15:42:59 GMT Content-Length: 1005 Server: JRun Web Server Notice that only one JSESSIONID is sent, and it's the second value set in the Set-Cookie directives from above. As for logging in the database itself, I'll have to coordinate that with my DBA to get access to that stuff. I have "deep" access to our development server, but not to the logging tables. I have him setting that access up for me now. Regards, Dave. > Hi Jochem. First off, sorry for the delay. I was out of the office for a few > days and didn't have access to my machine for testing. [quoted text clipped - 8 lines] > only looking for .cfm and .cfc file extensions to process requests, this > shouldn't matter, should it? The favicaon request will be served by the built-in webserver, but application.cfm/c won't run. Jochem SignatureJochem van Dieten Adobe Community Expert for ColdFusion I found out why the Application.cfm file is executing twice. I'm using the Milonic DHTML menu system, and the menu_data file (that creates the menu items), is a CFM file rather than a JS file because the options are dependent on certain credentials. So I have this where I want the menu to display: <script language="javascript" type="text/javascript" src="/lib/js/milonic/menu_data.cfm"></script> Because the <script> tag is executed external to the page request, the Application.cfm file gets hit twice. I *have* to keep this as a CFM file though. Do you have any thoughts on this? I know we're kind of handling two issues at once now, but this is pretty critical for me. Then again, is it really even a problem? Regards, Dave. > I found out why the Application.cfm file is executing twice. I'm using the > Milonic DHTML menu system, and the menu_data file (that creates the menu [quoted text clipped - 9 lines] > issues at once now, but this is pretty critical for me. Then again, is it > really even a problem? This is not the problem. I have reproduced the double jsessionid in the headers, but I don't have any problem with client variables so that appears to be a red herring. Jochem SignatureJochem van Dieten Adobe Community Expert for ColdFusion Hi Jochem. I'm onto something, but I'm not sure where to go from here. We have a layout header file that does a bunch of client variable <cfset>s at the top of the page (our authentication and authorization process, essentially). I put <cflog> tags after every <cfset> of a client variable to make sure that each line was being hit. It was. If I then do a select from the CDATA table before requesting a new page, *those client variables are not in the DATA column for that CFID in the database!* This is why subsequent pages are "losing" the client variables and making it look like I've never logged in before. I'm beginning to think that the bug is this: Client variables do not *updated* for a given CFID. The initial INSERT works fine (we have two client variables that are set to default values at the top of the layout file and they get stored fine initially). It's the subsequent UPDATEs for that CFID that fail. I am trying like hell to get the Spy feature of the DataDirect drivers working, but it just doesn't want to log. I'm following this TechNote (http://www.adobe.com/go/42dcb10a), and nothing ever gets written to the spy.log file that I create. Does it work for you? Here's my connect info: jdbc:macromedia:oracle://servername:port;SID=SIDname;SpyAttributes=(log=(file)/p ath/to/spy.log;logTName=yes;timestamp=yes) Obviously, I have changed the relevant bits for security reasons, but that's my string, yet nothing gets logged to the spy.log file. If I can get that working for the clientstorage datasource, that'll give me a lot of more insight into what's being passed. Until then, I'm flying blind... Regards, Dave. AAAAAAAARRRRRRRGGGGGGGHHHHHHHH!!!! I GOT IT!!!!! I'm frustrated with Adobe right now, but I finally got to the bottom of the client variable issue. You know how the ColdFusion updaters are supposed to be cumulative? Yeah, well, not so much. It turns out that the CFMX 7.0.2 release is shipping with the DataDirect 3.3 JDBC drivers. Further, it looks like something in the client variable code between MX 6.1 and 7.0.2 regressed such that the updates of client variables under-the-hood broke with the pre-3.5 driver set. Once I updated to the 3.5 drivers, everything worked, including the Spy feature and the client variable updates. Adobe, this needs to be fixed ASAP. That is a huge show-stopper for site that uses client variables. I don't know if it's limited to Oracle because I don't have other RDBMS platforms to test against, but this is a big problem. The fix here is to update the downloadable installers from your site with the 3.5 drivers *and* update the 7.0.2 Release notes to note that the 3.5 driver set isn't in any downloaded bits prior to whenever you update the installers. Jochem, thanks so much for your persistence in helping me through this issue. Regards, Dave. Great Work! Be careful with the upgrade from 3.3 drivers to 3.5 drivers. I have several old Oracle stored procedures that use the Oracle WITH clause (http://www.dba-oracle.com/t_with_clause.htm) and when I updgraded the drivers, I would occasionally see "No more data to read" errors. I know how to provoke the error but I can't understand why/reason for it needing to happen. I've been able to duplicate the error on other peoples dev environment but we've resigned to accepting that the Oracle WITH clause is not officially supported but because of a bug it works on 3.3 and not 3.5 drivers. Good luck! |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.