My URL breaks because of jsessionid - coldfusion

I have a serious problem with jsessionid that is automatically pasted into my url. This extra value looks like this:
;jsessionid=5046392DAA8687BE348FB51B57B69DB3.cfusion
This is pasted into my url causing Page Not found error because it is pasted in the middle of url like this:
https://mycompany.com;jsessionid=5046392DAA8687BE348FB51B57B69DB3.cfusion/index.cfm?p=home&home=current
But this is only happening when I open the link in IE (mine is IE 11).
When I open it in FireFox or Chrome I don't get this problem. It normally shows up as:
https://mycompany.com/index.cfm?p=home&home=current
My link looks like this:
<a id="#url.home#" href="index.cfm?p=home&home=current" target="iframe_main">HOME</a>
But at home.cfm On top of the page I have:
<CFIF IsDefined("session.usergroup") AND session.usergroup EQ 0>
<CFLOCATION url="/index.cfm?p=home&form=current&loginerr=Your session is expired. Please re-login again">
<CFELSE>
show the page
</CFIF>
I tried using AddToken = "NO" attribute in the CFLOCATION. This will eliminate my problem in IE BUT I get a new problem. My session does not work!!
My Dep is switching to ColdFusion2016 and I'm working on this in CF2016.
Is there a way to fix this issue? please help, thank you!

Related

Coldfusion cflocation strange behavior

I am storing a google review URL in my database as:
https://www.google.com/search?CFID=ac59cfdf-bbad-4017-9759-e88054f3f242&CFTOKEN=0&q=njcomputerrepair%2Bbrick%2Bnj&oq=njcomp&aqs=chrome.1.69i60j69i59j69i60j69i57j0l2.2762j0j9&sourceid=chrome&ie=UTF-8#lrd=0x89c18348735c2907:0x59aa614832a36b22,3,
And then in my application I set that URL to a variable and I redirect the user to that URL using cflocation.
<cfquery name="geturl" datasource="#datasource#">
select (residential_ReviewURL) as redirectURL
from subscribers
</cfquery>
<!--- Redirect to main html redirect page --->
<cfoutput>
<cflocation url="#getURL.redirectURL#">
</cfoutput>
However the URL gets changed at some point because I think that Coldfusion doesn't like the characters in the URL and it replaces them with % or removes them. Therefore when the user hits the google page, the page doesn't process as it should.
Here is how the URL looks after the redirect:
https://www.google.com/search?CFID=ac59cfdf-bbad-4017-9759-e88054f3f242&CFTOKEN=0&CFID=ac59cfdf-bbad-4017-9759-e88054f3f242&CFTOKEN=0&q=njcomputerrepair%2Bbrick%2Bnj&oq=njcomp&aqs=chrome.1.69i60j69i59j69i60j69i57j0l2.2762j0j9&sourceid=chrome&ie=UTF-8#lrd%3D0x89c18348735c2907%3A0x59aa614832a36b22%2C3%2C
How can I stop ColdFusion from changing the URL and keep id exactly as how it is stored in the database?
UPDATE
So I found that URLdecode will preserve the string. Here is what I have.
#urlDecode(getURL.redirectURL)#
The output is as follows
https://www.google.com/search?CFID=ac59cfdf-bbad-4017-9759-e88054f3f242&CFTOKEN=0&q=njcomputerrepair+brick+nj&oq=njcomp&aqs=chrome.1.69i60j69i59j69i60j69i57j0l2.2762j0j9&sourceid=chrome&ie=UTF-8#lrd=0x89c18348735c2907:0x59aa614832a36b22,3,
Why is it adding CFID and CFTOKEN to the URL though? I have it turned off in my Application.CFM:
<cfapplication name="yaya"
clientmanagement="no"
sessionmanagement="no"
setclientcookies="no"
setdomaincookies="no"
sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
applicationtimeout="#CreateTimeSpan(1,0,0,0)#"
>
To help others coming here:
cflocation have a parameter addToken which needs to set to no if we do not want to add CFID and CFTOKEN to the generated URL.
Adobe CFML reference: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cflocation.html

coldfusion 10 cfinclude gives site cannot be reached error

I have a action page that redirects to a page based on condition.
I thought of Including that page insted of redirection.
So i used cfinclude function to include this file.
But including that file doesn't work.
But when i open that page in browser it is working fine without error.
For Ex.
http://domain.com/page2.cfm?cutomerID=10
is working fine.
IN http://domain.com/page1.cfm
I am including below code.
<cfset url.customerID = 10>
<cfinclude template="page2.cfm">
Even i tried to add only HTML content which i get in page source for "http://domain.com/page2.cfm?cutomerID=10"
It is still not working including a coldfusion page with just html text without any coldfusion code.
Strange thing is When i tried to remove some text from this html content it works for some time but when i reload it stops and give the below error again.
I am not sure if cfinclude has to do anything page length or some other factors.
Screenshot for error is attached below.
Error Screenshot Image
If you are asking for a link you can have it as:
<cfoutput>
<cfset href="domain.com/page2.cfm?customerID=#customerid#&etc=#etc#" />
</cfoutput>
For your question you can use this:
<cfset custID = 10/>
<cfinclude template="page2.cfm">
In page2.cfm:
<cfif isDefined(url.customerID) || isDefined(custID)>
<!--- your etc code here --->
</cfif>
Note: If you don't want to use url.customerID you can simply delete the occurance

URL Rewrite with IIS using ColdFusion

I've done a bit of searching but just can't put it all together. Here's what I need:
I'd like someone to surf to:
www.mysite.com/thisPlace
and have it redirect them to
www.mysite.com/template.cfm?pm=ms&loc_id=4
To do so, I somehow need to capture that they didn't request an existing file in their http request and run a .cfm page that queried the database for a record where locationName = 'thisPlace' and then redirect them to a page like
template.cfm?pm=ms&loc_id=4, where 4 is the record id of the row that matched 'thisPlace'
If your default document in IIS is set to index.cfm you could create a folder (directory) called "thisPlace" and place an index.cfm file that contains nothing but a <cflocation> tag and the accompanying query/logic to figure the URL.
Website.com/thisPlace would then function as you describe.
Edit:
You could add a custom 404 page...
Make it a .cfm file instead of html. Scan the template path to see what the user is looking for. If you find it in your database, redirect them there, else redirect them to a general 404 page.
<!---Up to a certain point (the directory in which you store your code) this will always be the same so you can hard-code your number --->
<cfset QueryConstant = #LEFT(CGI.CF_Template_Path, 22)#>
<!---Find the overall length of the template path. --->
<cfset QueryVariable = #Len(CGI.CF_Template_Path)#>
<!---Take whatever is past your QueryConstant (AKA the string that produces a 404 error.) --->
<cfset theRightNumber = QueryVariable - 22>
<cfset QuerySearchString = #RIGHT(CGI.CF_Template_Path, theRightNumber)#>
<cfquery name="ListOfLocations" datasource="CRM">
SELECT TOP 1 LocationID
FROM LocationTable
WHERE LocationName LIKE '%#QuerySearchString#%'
</cfquery>
<cfif ListOfLocations.recordcount>
<cflocation url="/SomePage.cfm?LocationID=#ListOfLocations.LocationID#">
<cfelse>
<cflocation url="/Regular404page.html">
</cfif>
Thanks guys! Huge help! Using your inputs, here's what I did:
(had to use QUERY_STRING instead of CF_Template_Path, as CF_Template_Path did not pass along anything after the url of the custom error page.
I set up a custom 404 error Execute URL in IIS to a file named check404error.cfm.
When someone looks for www.example.com/thisPlace, IIS sends them to http://www.example.com/check404error.cfm. I use the CGI.QUERY_STRING (404;http://www.example.com:443/thisPlace) to ultimately get the "thisPlace" string to search with.
<!---Up to a certain point (the directory in which you store your code) this will always be the same so you can hard-code your number --->
<cfset QueryConstant = #LEFT(CGI.QUERY_STRING, 31)#>
<!---Find the overall length of the template path. --->
<!---31 is the length of '404;http://www.example.com:443/' --->
<cfset QueryVariable = #Len(CGI.QUERY_STRING)#>
<!---Take whatever is past your QueryConstant (AKA the string that produces a 404 error.) --->
<cfset theRightNumber = QueryVariable - 31>
<cfset QuerySearchString = #RIGHT(CGI.QUERY_STRING, theRightNumber)#>
<cfquery name="ListOfLocations" datasource="#request.dsn#">
SELECT location.id
FROM location WHERE url_name = <cfqueryparam value="#QuerySearchString#" cfsqltype="CF_SQL_VARCHAR" maxlength="255"> LIMIT 1
</cfquery>
<cfif ListOfLocations.recordcount>
<cflocation url="https://example.com/template.cfm?pm=ms&loc_id=#ListOfLocations.id#" addtoken="no" statusCode="301">
<cfelse>
<cflocation url="/404error.cfm" addtoken="no">
</cfif>
This is how most popular MVC Framework work today, by parsing out the URL segments.
Do you have access to any kind of URL rewrite software?
Since you are using IIS it has a built in rewrite engine where you could simply rewrite these kind of requests to a known file saving you the overhead of sending a 404 reply and parsing that out and having more request created as a result of that.
See http://wiki.coldbox.org/wiki/URLMappings.cfm for details. We use the Isapi rewrite version version to do just what you are asking for
Receive request for www.mysite.com/thisPlace
thisPlace isn't a directory
thisPlace isn't a file
Resend to index.cfm or a location of your chosing for additional parsing
Helicon Rewrite sends an HTTP header named HTTP_X_REWRITE_URL with the original requested URL so parsing it out is then very easy.
This all happens inline withing the one request so the client is never redirected.

cf10 unable to add text to HTML Head

I am getting the following error on a page we are loading:
coldfusion.runtime.CfErrorWrapper
Unable to add text to HTML HEAD tag.
[empty string]
caused by
Template
Unable to add text to HTML HEAD tag.
ColdFusion was unable to add the text you specified to the output stream. This is probably because you have already used a CFFLUSH tag in your template or buffered output is turned off.
I've done a sweep of all the files that are included in our application and cannot find anything that uses CFFlush.
output is set to 'no' on all cfcs and components. I also tried adding cfsetting showdebugoutput = no in a file. That didn't help.
I turned request debugging on in cfadmin and that didn't help.
The HTML Head works fine in other parts of our app, it just seems to be on this one page.
The only thing really different about this page is that it is a particularly long page.
If it's a particularly long page, then CF may be flushing the buffer on its own. If you check in the CFAdmin, on the settings page, there is a setting for Maximum Output Buffer size. I believe the default is 1024 KB. If your page is over 1 meg of content, then CF may flush the buffer before your <cfhtmlhead /> tag runs. Try increasing the buffer size, or changing the placement of the <cfhtmlhead /> tag to see if that corrects the issue.
I've run into the same problem recently but the behavior wasn't predictable. I believe that Dan Short's answer is correct. I created some test pages to see if I could reproduce the problem. Each time TestTemplate.cfm is included, CFHTMLHEAD writes a simple JavaScript alert to the head tag. Once the buffer is reached, and the page is automatically flushed, any subsequent CFHTMLHEAD tag use will result in an error, specifically, the error in the original post. As Dan indicates, you can work your way around this issue by changing the maximum output buffer size.
file: index.cfm
<html>
<head><title>Test Page</title></head>
<body>
<cfset SampleScript = "<script src='sample.js'></script>">
cfset Count = 0>
<cfinclude template="TestTemplate.cfm">
<cfinclude template="TestTemplate.cfm">
<cfinclude template="TestTemplate.cfm">
</body>
</html>
file TestTemplate.cfm
<cfhtmlhead text="#SampleScript#">
<cfset Count++>
<cfoutput>
<h1>Count #Count#</h1>
</cfoutput>
<cfoutput>
<cfloop from="1" to="100000" index="i">
<cfscript>
j = randRange(i, 1000000);
k = randRange(i, 1000000);
l = j * k;
writeOutput(l);
</cfscript>
</cfloop>
</cfoutput>
file sample.js
alert('Boo!');
server.log showed another error that I was submitting too many fields with a POST request. I had to increase this limit on the Settings page.
To fix this, login to Coldfusion Admin, go to Memory Variables, and uncheck 'Disable updating Coldfusion internal cookies using Coldfusion tags/functions.' Save your settings and restart your website.

Cflocation bug / new feature in ColdFusion 9 - URL appending twice

When a user logs in and is redirected to a secured page, the url is getting appended twice like a list. This in turn causes a 404.
(example: http://uwf.edu/something.cfm,http://uwf.edu/something.cfm)
Currently, the site has a custom login tag which I am unable to edit as I do not have control over it. (It's just a custom cf tag that allows people to login at the university.)
I have to do additional processing after this tag to verify that they are eligible to login on this particular site. Once they have been verified, they are re-directed to another page with cflocation.
<custom login tag>
<cfinvoke component="#application.path#cfc/security" method = "constructSession" returnvariable = "status">
.. params excluded..
</cfinvoke>
<cfif status eq 1>
<cflocation url="#someurl_invalid#" addtoken="no" />
<cfelse>
<cflocation url="#someurl#" addtoken="no" />
</cfif>
The custom login tag refreshed the current page already, but I obviously do not want that and thus had used the above method to re-direct. This worked in ColdFusion 8.
I read this article: http://www.bennadel.com/blog/2050-Changes-In-CFLocation-OnRequestEnd-Behavior-In-ColdFusion-9-s-Application-cfc.htm
The article gave me some insight as to what is going on...but I am unsure how to fix the issue.
Does anyone have any solutions?
Since you don't have control over the custom tag, you'll have to work around the issue instead of fixing it.
I would recommend changing the code:
<cfif status eq 1>
<cflocation url="#ListFirst(someurl_invalid)#" addtoken="no" />
<cfelse>
<cflocation url="#ListFirst(someurl)#" addtoken="no" />
</cfif>
It's not pretty but will work whether the URLs are lists or not.