Yesterday, I was debugging a page on a live site. This is, of course, not the best practice, but let's face it, sometimes you gotta do what you gotta do. The biggest problem with debugging on a live site is that any changes you make to a page can be seen by any other user that is concurrently using that page. To get around this as much as possible, I will do things like CFDump out a variable only if a certain key is in the URL. For example:
```cfml
<!--- Check for debugging-user request. --->
<cfif StructKeyExists( URL, "please" )>

	<!--- Output form variables. --->
	<cfdump var="#FORM#" label="Form Variables" />

</cfif>
```
This works sometimes, but not all the time, especially if you are trying to debug errors in form processing and redirect logic where the URL parameters don't always get passed along. I started to think about ways in which I could more easily identify myself as the only person who should see a piece of output. I could work with the IP address, but something about that just seems a bit off; first I'd have to get the IP (yeah, I know that's not hard), but then what if it changes? Does the office have a static IP? A dynamic IP? I don't know, and frankly, I don't want to think about it.
And then it occurred to me, why not just change the way my browser announces itself? This would, of course, be the user agent. So that's what I did. I went into the Firefox configuration (put about:config in the URL field) and created a User Agent override (new string value):
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:188.8.131.52) Gecko/20070725 Firefox/184.108.40.206 (DEVELOPER)
For the user agent override, I have taken a standard Firefox user agent (which I keep as a Code Snippet in HomeSite) and added (DEVELOPER) to the end of it. Now, when my browser announces itself, it will appear as a standard browser, but will allow me to check for the (DEVELOPER) flag. Now, my debugging output can look like this:

```cfml
<!--- Check to see if current browser is in debugging mode. --->
<cfif Find( "(DEVELOPER)", CGI.http_user_agent )>

	<!--- Output form variables. --->
	<cfdump var="#FORM#" label="Form Variables" />

</cfif>
```
I like this code a whole lot better. It seems much more explicit in the "intent" of the code. In my first example, I checked for "please". The function of that doesn't feel obvious. Now, when I check for "Developer" in the user agent, the intent of my code feels so much cleaner, so much more explicit. And, I have to believe that feeling means it's more correct.
_But, isn't depending on the user agent override a security issue?_
Sure, if you are dumping out things like DSN information. But, really, that's not what we're usually doing when we debug on the live server. We're really dumping out variables that pertain to the current user (you) and this can never really be a security issue.
Anyway, I thought this was a neat little trick.
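A stricter form of the user-agent check, as an added example that is not part of the original post: instead of the fixed (DEVELOPER) string, which any client can send, the marker carries an expiry time and an HMAC signature that the server verifies before dumping anything. The marker format, both function names and `application.debugSecret` are assumptions made for the example; `HMac()` needs ColdFusion 10 or later.

```cfml
<cfscript>
// Added example, not from the original post. The marker format
// "(DEVELOPER:<expiry>:<signature>)" and both function names are hypothetical.

// Build the marker to append to the user agent override.
// expiry is epoch seconds (UTC); secret is shared by the server and the developer only.
function makeDeveloperMarker( required string expiry, required string secret ) {
	var signature = HMac( "DEVELOPER:" & expiry, secret, "HmacSHA256" );
	return "(DEVELOPER:" & expiry & ":" & signature & ")";
}

// True only when the user agent carries an unexpired, correctly signed marker.
function isDeveloperRequest( required string userAgent, required string secret ) {
	var match = REFind( "\(DEVELOPER:([0-9]{1,10}):([0-9A-Fa-f]{64})\)", userAgent, 1, true );
	if ( match.pos[ 1 ] == 0 ) {
		return false; // No marker, or not in the expected shape.
	}
	var expiry = Mid( userAgent, match.pos[ 2 ], match.len[ 2 ] );
	var signature = UCase( Mid( userAgent, match.pos[ 3 ], match.len[ 3 ] ) );

	// Reject markers whose expiry has passed.
	var nowEpoch = DateDiff( "s", CreateDate( 1970, 1, 1 ), DateConvert( "local2Utc", Now() ) );
	if ( Val( expiry ) < nowEpoch ) {
		return false;
	}

	// Recompute the signature and compare every character, without
	// stopping at the first mismatch.
	var expected = UCase( HMac( "DEVELOPER:" & expiry, secret, "HmacSHA256" ) );
	var diff = 0;
	for ( var i = 1; i <= 64; i++ ) {
		diff = BitOr( diff, BitXor( Asc( Mid( signature, i, 1 ) ), Asc( Mid( expected, i, 1 ) ) ) );
	}
	return ( diff == 0 );
}
</cfscript>

<!--- application.debugSecret is an assumed setting holding the shared secret. --->
<cfif isDeveloperRequest( CGI.http_user_agent, application.debugSecret )>
	<cfdump var="#FORM#" label="Form Variables" />
</cfif>
```

Because the expiry is covered by the signature, a marker copied out of a request log stops working once its expiry passes, and rotating the secret invalidates every outstanding marker at once.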