CFHttpSession.cfc Fixed And Added To Projects

Posted May 28, 2008 at 8:45 AM

Tags: ColdFusion

A while back, I created CFHttpSession.cfc, a ColdFusion component that wraps around ColdFusion's CFHttp tag to maintain a session across multiple CFHttp requests. It does this by capturing returned cookie information from each response and sending it back with the subsequent CFHttp requests. As part of that blackbox, the CFHttpSession.cfc also handled sessions when the response headers requested a relocation. As Toby Reiter pointed out, however, my relocation was breaking if the response headers contained an absolute-relative link - one that starts with a slash. Example:

/sub-folder/index.cfm

I had only been expecting relative locations (ex. ../../index.cfm) and absolute locations (ex. http://....). Now, I have added code that checks for the third type of location - the absolute-relative (ex. /sub-folder/index.cfm).

This new code can be downloaded from my new CFHttpSession.cfc Project page.

Post Comment  |  Ask Ben  |  Permalink  |  Other Searches  |  Print Page




Learning ColdFusion 9 - ColdFusion 9 tutorials, samples, examples, demos

Reader Comments

Michael Kassing
Jun 4, 2008 at 12:29 PM // reply »
1 Comments
1 Points

CF 8?


Post Comment  |  Ask Ben

Recent Blog Comments
Darren
Nov 20, 2009 at 5:38 PM
Learning ColdFusion 8: CFImage Part I - Reading And Writing Images
Hi Ben, Great article. I've been looking around to see if ColdFusion image engine can programatically create the following "wrap around" effect: http://www.creativepro.com/article/photoshop-s-she ... read »
Todd Rafferty
Nov 20, 2009 at 5:35 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
@Dave: I talked to Gert he suggested: <cfhttp method="get" url="http://{some cf website}" result="stuff" addtoken="yes" /> Note the addition of cfhttp attribute addtoken. That should persist y ... read »
Ben Nadel
Nov 20, 2009 at 5:23 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
@Todd, Ahh, gotcha, yeah that makes sense. ... read »
Todd Rafferty
Nov 20, 2009 at 5:17 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
Ben, sorry if I didn't make this clear. You can make it work like that if you want, just put <cfset session.foo = 1> (and <cfset application.foo = 1>) in your OnRequestStart() and it reve ... read »
Ben Nadel
Nov 20, 2009 at 5:07 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
@Todd, I have seen tidbits about the way Railo handles session. I can understand that it lazy-loads sessions, but I also think that I might make some things more complicated. For example, often tim ... read »
Todd Rafferty
Nov 20, 2009 at 4:53 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
Ben, you can ramp up the security by turning on J2EE session which gives you a third set of numbers other than CFID/CFTOKEN. There's a reason why ACF put this in place (other than just session replic ... read »
Todd Rafferty
Nov 20, 2009 at 4:52 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
Case in point, Ben, you may not be aware of this, but in Railo - OnApplicationStart() & OnSessionStart() act differently than in ACF. ACF does: OnApplicationStart (1st hit) OnSessionStart (1st and e ... read »
Ben Nadel
Nov 20, 2009 at 4:46 PM
Maintaining ColdFusion Sessions Across SMS Text Message Requests Without Cookies
@Todd, That's understandable. I am not sure if this really leaves any more security holes than the fact that using old cookie-based CFID / CFTOKEN values will create a new session using the old CFI ... read »