Unable to parse __utmz cookie - cookies

We use GA for tracking and part of the tracking involves storing the __utmz cookie value in our DB. I have a problem in understanding why is CF 10 not able to parse the __utmz cookie.
CF10 is not parsing or properly retrieving the value of __utmz cookie Or just about any cookie value that has an 'equal (=)' sign in it other than the CFGLOBALS.
Here is the screen shot of the issue (using CFDUMP of COOKIE scope) -
What it should look like -
What it is looking like -
Server Config: CF10, IIS 7.5, Win 2k8

Ok! I found the way to mitigate this problem. By using the GetHttpRequestData() method.
<cfscript>
_cookie = GetHttpRequestData().headers.cookie;
</cfscript>
This will return an ; delimited list of cookie values. I used regEx to pick the __utmz value I needed.

I just ran into this problem. Some code that was working in CF8 stopped working in CF10. I created this function to get the raw cookie value:
<cffunction name="GetRawCookie" output="false" returntype="string">
<cfargument name="cookieName" type="string" required="true">
<cfset local.cookies = GetHttpRequestData().headers.cookie>
<cfset local.cookieValue = "">
<cfset local.match = reFindNoCase("(?:^|;)\s*" & arguments.cookieName & "=([^;]+)", local.cookies, 1, true)>
<cfif local.match.pos[1] gt 0>
<cfset local.cookieValue = mid(local.cookies, local.match.pos[2], local.match.len[2])>
</cfif>
<cfreturn local.cookieValue>
</cffunction>

Related

ColdFusion session variable is GONE in IE11

My coldfusion session variable failed in IE. I have no problem with maintaining the session across pages in FireFox and Chrome. Similar question has been posted here and the solution was to check J2EE session variable in Administrator. The different in my case is that I have J2EE session checked in Admin page and also I have the following in my Application.cfc
<cfset THIS.Name ="New_Site_Version1"/>
<cfset THIS.ApplicationTimeout = CreateTimeSpan(0,0,30,0) />
<cfset THIS.SessionManagement ="YES"/>
<cfset THIS.SessionTimeout = CreateTimeSpan( 0,0,30,0 ) />
<cfset THIS.SetClientCookies = "YES" />
<cffunction name="OnSessionStart" access="public" returntype="void" output="false">
<CFIF IsDefined("URL.user_ID")>
<CFSET SessionObj = New cfcomponents.Main.ManageSessions()>
<CFSET SessionObj.CreateUserSessions(URL.user_ID)>
</CFIF>
</cffunction>
I also have session cookies checked in Admin
When I checked, the session was created in Application.cfc but soon after I clicked on a link, it's gone!
It only happen in IE.
Is there any work around?
"This" application scope is not the "Session" application scope. You may need to review your variable scope when instantiating variables that should be available to other modules in your application. You can do that here:
https://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec09af4-7ff1.html
When you instantiate a ColdFusion application you use the CFAPPLICATION tag detailed here:
https://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7d69.html

Issue migrating from Adobe Coldfusion 10 to Lucee 4.5.1 - accessing structure

I'm currently attempting to migrate my site from Adobe Coldfusion 10 to Lucee 4.5.1.
I'm getting the following error: key [TITLE] doesn't exist.
The code I was using was:
<cfset variables.title = ress.title.welcome>
The code that I need to fix the issue seems to be:
<cfset variables.title = ress["title.welcome"]>
I'm using JavaRB and loading a properties file (onRequestStart()) and setting it to the variable ress.
<cfset ress = utilObj.getResourceBundle()>
Is there an alternative other than going through my code to fix all the references? Is there a setting in the server to exhibit the old behavior?
Update #1
Properties files looks like this:
# #comment
title.welcome=Content here
Update #2
This currently works on CF10 Developer on Windows 2008 R2 and CF10 on my shared host which is also Windows Server. I will also acknowledge that this is old code :)
JavaRB returns a structure from the content of the file:
var resourceBundle=structNew(); // structure to hold resource bundle
...
<cfreturn resourceBundle />
Partial CFC and method calls...
<cfcomponent name="utils" output="false">
<cfset this.ress = "">
<cffunction name="init">
<cfscript>
this.ress = loadResourceBundle();
</cfscript>
<cfreturn this>
</cffunction>
<cffunction name="loadResourceBundle" access="public" output="true">
<!--- Get javaRB --->
<cfinvoke component="#application.cfcPath#.javaRB" method="init" returnvariable="rb">
</cfinvoke>
<cfscript>
rbFile = GetDirectoryFromPath(expandpath("/resources/")) & "mgs.properties";
</cfscript>
<cfreturn rb.getResourceBundle("#rbFile#")>
</cffunction>
...
</cfcomponent>
<cfcomponent displayname="javaRB" output="no">
<cffunction access="public" name="init" output="No">
<cfscript>
rB=createObject("java", "java.util.PropertyResourceBundle");
fis=createObject("java", "java.io.FileInputStream");
msgFormat=createObject("java", "java.text.MessageFormat");
locale=createObject("java","java.util.Locale");
</cfscript>
<cfreturn this>
</cffunction>
<cffunction access="public" name="getResourceBundle" output="No" returntype="struct" hint="reads and parses java resource bundle per locale">
<cfargument name="rbFile" required="Yes" type="string" />
<cfargument name="rbLocale" required="No" type="string" default="en_US" />
<cfargument name="markDebug" required="No" type="boolean" default="false" />
<cfscript>
var isOk=false; // success flag
var keys=""; // var to hold rb keys
var resourceBundle=structNew(); // structure to hold resource bundle
var thisKey="";
var thisMSG="";
var thisLang=listFirst(arguments.rbLocale,"_");
var thisDir=GetDirectoryFromPath(arguments.rbFile);
var thisFile=getFileFromPath(arguments.rbFile);
var thisRBfile=thisDir & listFirst(thisFile,".") & "_"& arguments.rbLocale & "." & listLast(thisFile,".");
if (NOT fileExists(thisRBfile)) //try just the language
thisRBfile=thisDir & listFirst(thisFile,".") & "_"& thisLang & "." & listLast(thisFile,".");
if (NOT fileExists(thisRBfile))// still nothing? strip thisRBfile back to base rb
thisRBFile=arguments.rbFile;
if (fileExists(thisRBFile)) { // final check, if this fails the file is not where it should be
isOK=true;
fis.init(thisRBFile);
rB.init(fis);
keys=rB.getKeys();
while (keys.hasMoreElements()) {
thisKEY=keys.nextElement();
thisMSG=rB.handleGetObject(thisKey);
if (arguments.markDebug)
resourceBundle["#thisKEY#"]="****"&thisMSG;
else
resourceBundle["#thisKEY#"]=thisMSG;
}
fis.close();
}
</cfscript>
<cfif isOK>
<cfreturn resourceBundle />
<cfelse>
<cfthrow message="#e.message#" detail="#e.detail#" type="#e.type#" />
</cfif>
</cffunction>
...
</cfcomponent>
Update #3
FWIW, I used the Eclipse IDE and did a find replace using a regex and replaced it with a value...
regex: ((ress\.){1}(([a-z\.])+))
value: ress["$3"]
Update #4
So, using Lucee and MySQL, table names are case sensitive!?
Welcome to Adobe ColdFusion, where syntactical mistakes are not punished immediately.
<cfset ress = { "title.welcome": "Content here" }>
<cfoutput>#ress.title.welcome#</cfoutput>
<!---
>> outputs "Content here" in Adobe ColdFusion
>> throws an exception in Lucee/Railo
--->
The behavior in Adobe ColdFusion is misleading and plain wrong. "title.welcome" is a key that is supposed to be put in the struct ress. Instead the key is split into two structs with the keys "title" and "welcome", linked to each other and then put into the struct ress.
Your only chance to fix this issues is by adapting your getResourceBundle function. Here you need to refactor the lines with resourceBundle["#thisKEY#"] so that thisKEY creates a struct chain.

Setting up Session variable in Application.cfc

Hi I'm very new with ColdFusion 10 especially with Application.cfc. It is very confusing.
I created Application.cfc and inside this cfc I created the following:
My questions are:
1. Why do I get session error? (see my codes below)
2. What should I put in sessionEnd function?
<!--- Application.cfc --->
<CFCOMPONENT displayname="Application" output="true">
<cfset THIS.Name = "MyTestApp" />
<cfset THIS.ApplicationTimeout = CreateTimeSpan(0,0,60,0) />
<cfset THIS.SessionManagement = true />
<cfset THIS.SessionTimeout = CreateTimeSpan( 0, 0, 30, 0 ) />
<cfset THIS.SetClientCookies = false />
<cfset THIS.SetClientCookies = false />
<cffunction name="OnApplicationStart" access="public"
returntype="boolean" output="false">
<cfset application.Main_DSN = "MyTestDB">
</cffunction>
<cffunction name="onApplicationEnd" output="false">
<cfargument name="applicationScope" required="true">
</cffunction>
<cffunction name="OnSessionStart" access="public" returntype="void" output="false"
hint="Fires when user session initializes">
<cfset session.loggedin = "NO">
<cfset session.username = "">
<cfset session.userrights = "">
<cfset session.usergroup = "">
</cffunction>
<!--- After user login, I have checklogin.cfm --->
<cfif mylogin NEQ true><!--- Login failed, go redirect to login page --->
<cflocation url="login.cfm">
<cfelse>
<cfset session.loggedin = "YES"><!--- ??? error: see below --->
<cfset session.username = "#Trim(Form.username)#">
<cfset session.userrights = "#Trim(Form.userrights )#">
<cfset session.usergroup = "#Trim(Form.usergroup)#">
</cfif>
<cffunction name="onSessionEnd">
<!--- Not sure what can I put in here????? --->
</cffunction>
Your login code is outside any of the event handlers in your Application.cfc file, so that code will run first... before any of the event handlers!
The execution sequence of code in Application.cfc is:
code outside of any event handler (irrespective of where it is in the file)
onApplicationStart()
onSessionStart()
onRequestStart()
etc
So you cannot have code referencing the session scope (or application scope for that matter) outside the other event handlers. You can only start using session variables once onSessionStart() has fired. Not before.
What is the error message that you are getting?
You can really put anything in the session end. Anything that you would need to run to clean up after a session.
Maybe you want to update a log or send an email, clear a cookie, or redirect to a certain page.
EDIT:
Is everything else in the Application.cfc working for you? It seems like the onSessionStart event is not firing.
EDIT 2:*
Sorry for doing this via an answer but I need more rep to leave comments.
The session should start as soon as you connect to the application, you do not need to wait to be "logged in" as in verify credentials.
If the session variables do not exist then the event is not firing for some reason. Make sure you have the file name correctly and it is in the root folder of the application.
EDIT 3:
Your login code is not in the onSessionStart function, not in any function. Unless I misunderstood your comment and you were saying that code section is in the "checklogin.cfm" file and not in the Application.cfc file.
EDIT 4:
I need to jump on a client call but I can help some more after. We might need to take a look at part of the checklogin.cfm file.
EDIT 5:
Any luck?
EDIT 6:
Sorry for the delay, volume is ramping up this afternoon.
At this point I think I would either need to see the code that is doing the validation checking or ask if you are sure the validation is working correctly.
I assume you are connecting to a database, if you take the query you are using to verify the login credentials and run it in SQL server or whatnot inserting the values you would type into the form, do you get any results?
EDIT 7:
Figure it out, OP?

how to check if a file exists on Amazon S3 using Coldfusion fileExist?

I'm running Coldfusion8 and am uploading files to Amazon S3.
When displaying images, I want to check whether an image is available from S3 and if not show a fallback image. My problem is, don't know how to check for existing images.
If I list the link to an image, it's something like this:
http://s3.amazonaws.com/bucket/l_138a.jpg?AWSAccessKeyId=_key_&Expires=_exp_&Signature=_signature_
I'm trying to check for existing files like this:
<cfif fileExists("http://s3.amazonaws.com/bucket/s_" & items.filename)>
<cfdump output="e:\website\test\dump.txt" label="catch" var="found!!!">
</cfif>
Question:
Do I always have to provide accesskey, expires and signature when checking for an image? If I enter the image path without credentials in the browser, the image is loaded, so I don't understand why my fileExist is not working. Any idea?
You could use cfhttp if you have a site-wide page not found message set up.
<cfhttp url="http://a.espncdn.com/photo/2012/0813/nfl_u_flynn1x_203.jpg" method="head">
<cfdump var="#cfhttp.filecontent#">
returns object of java.io.ByteArrayOutputStream
<cfhttp url="http://a.espncdn.com/photo/20notanimage3.jpg" method="head">
<cfdump var="#cfhttp.filecontent#">
returns <html> <body> <h1>Error Processing Request</h1> </body> </html>
Can also check the statuscode returned by the server
<cfhttp url="http://a.file.exists.gif" method="head">
<cfdump var="#val(cfhttp.statuscode)#">
200 is ok, 404 is not found, etc
I've used the getObjectInfo method in the S3.cfc to see if an object exists:
<cffunction name="getObjectInfo" access="public" output="false" returntype="string"
description="Creates a bucket.">
<cfargument name="bucketName" type="string" required="yes">
<cfargument name="filekey" type="string" required="true" hint="" />
<cfset var data = "">
<cfset var content = "">
<cfset var contents = "">
<cfset var thisContent = "">
<cfset var allContents = "">
<cfset var dateTimeString = GetHTTPTimeString(Now())>
<!--- Create a canonical string to send --->
<cfset var cs = "HEAD\n\n\n#dateTimeString#\n/#arguments.bucketName#/#Arguments.filekey#">
<!--- Create a proper signature --->
<cfset var signature = createSignature(cs)>
<!--- get the bucket via REST --->
<cfhttp method="HEAD" url="http://s3.amazonaws.com/#arguments.bucketName#/#Arguments.filekey#">
<cfhttpparam type="header" name="Date" value="#dateTimeString#">
<cfhttpparam type="header" name="Authorization" value="AWS #variables.accessKeyId#:#signature#">
</cfhttp>
<cfreturn cfhttp.StatusCode />
</cffunction>
If I get a 200 status back, then I know the object exists.
I haven't used Coldfusion for a long time, but I did a quick lookup and the fileExists method seems to be for filesystem lookups, not remote URLs.
There are other Coldfusion methods for requesting URLs. One forum discussion on the subject I just quickly found is here: http://forums.adobe.com/thread/765614
But, assuming you're generating HTML to be consumed by a web browser I would suggest doing an image check / fallback in HTML/CSS/JS rather than server side. You could do this with CSS background-image tricks, or directly load and check images with JS. One question dealing with this that I found is here (there are probably a bunch of similar questions on this stuff): Inputting a default image in case the src attribute of an html <img> is not valid?
CF9 +
<cfscript>
FileExists('s3://#accessKey#:#secretKey##[your bucket]/[your file]');
</cfscript>

twitter4j.auth.AccessToken instantiating in ColdFusion

I'm working with ColdFusion 9.0.1 and latest (for current date) stable build of twitter4j library - twitter4j-core-2.2.4. I'm trying to create functionality which allows users to login or register at our site using their twitter accounts.
I was able to create authorization part: user click on the link on our site and system redirects him to twitter page. On this page he able to "Authorise" our application. After that system redirecting him back using callBackURL.
But I have a problem with next step. When I'm trying to setOAuthAccessToken and for that trying to instantiate AccessToken object with follow part of code:
accessToken = createObject( 'java', 'twitter4j.auth.AccessToken' ).init( 'myStoredRequestToken', 'myStoredRequestTokenSecret' );
But I have follow error:
An exception occurred while instantiating a Java object. The class
must not be an interface or an abstract class. Error: ''.
Any ideas?
Update:
The start part of stacktrace:
'coldfusion.runtime.java.JavaObjectInstantiationException: Object instantiation exception. at coldfusion.runtime.java.JavaProxy.CreateObject(JavaProxy.java:171) at coldfusion.runtime.java.JavaProxy.invoke(JavaProxy.java:80) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2360) at cftwitter2ecfc2084917956$funcGETUSERCREDENTIALS.runFunction(C:\inetpub\wwwroot_test\twPlayGrnd_com\twitter.cfc:36) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at ...
...cut here, not sure this is important...
the last part is
cfapplication2ecfc665259542$funcONREQUEST.runFunction(C:\inetpub\wwwroot_test\twPlayGrnd\application.cfc:55) ... 55 more Caused by: java.lang.IllegalArgumentException: Invalid access token format. at twitter4j.auth.AccessToken.(AccessToken.java:50) ... 60 more'
I saw the message about wrong format, but based on documentation at http://twitter4j.org it should accept two agruments (strings with keys). Am I wrong?
Update 2
*just find that out - I am sorry that I brought you into confusion with my first post and example... of course I used myStoredRequestToken, myStoredRequestTokenSecret, not a consumer key/secret *
*there are relevant parts of code I'm using for this functionality*
application.cfc ("onApplicationStart" function, instantiating components on start of application)
<cffunction name="onApplicationStart" access="public" returntype="boolean" output="false">
...
<cfset application.com.twitterInstance = server.javaloader.create("twitter4j.TwitterFactory").getInstance() />
<cfset application.com.twitter = createObject("component","_com.twitter").init() /> *<!--- cfc component which will be listed below --->*
...
</cffunction>
twitter.cfc (corresponding coldfusion component)
<cfcomponent displayname="twitter" output="false">
<cffunction name="init" access="public" output="false">
<cfreturn this>
</cffunction>
<cffunction name="authorizeTwitter" access="public" output="false">
<cfargument name="callBackURL" type="string" required="false" default="#request.twtCallBackURL#" />
<cfset var requestToken = "" />
<cfset application.com.twitterInstance.setOAuthConsumer(request.twtConsumerKey,request.twtConsumerSecret) />
<cfset requestToken = application.com.twitterInstance.getOAuthRequestToken(arguments.callBackURL) />
<cflock scope="session" type="exclusive" timeout="10">
<cfset session.oAuthRequestToken = requestToken.getToken()>
<cfset session.oAuthRequestTokenSecret = requestToken.getTokenSecret()>
</cflock>
<cflocation url="#vLocal.requestToken.getAuthorizationURL()#" addtoken="No" />
</cffunction>
<cffunction name="getUserCredentials" access="public" output="true">
<cfset var vLocal = {} />
<cfset vLocal.accessToken = "" />
<cfset vLocal.userData = "" />
<cfset vLocal.requestToken = "" />
<cfset vLocal.accessToken = server.javaloader.create("twitter4j.auth.AccessToken").init(session.oAuthRequestToken,session.oAuthRequestTokenSecret)>
<cfset application.com.twitterInstance.setOAuthAccessToken(vLocal.accessToken) />
<cfset vLocal.userData = application.com.twitterInstance.verifyCredentials() />
<cfdump var="#vLocal.userData#" label="User Credentials">
</cffunction>
First function is for first step - requesting twitter for autorization page (where user can autorize or deny application). Call back URL runs the page what calls the second function and I have problem only at this step (line for generation accessToken).
I have the same result if Im using createObject function instead of javaloader.
*So, my main question is still the same - to obtain the users unique Access Token? Please point me, what I'm doing wrong? What is a correct format for unique user's accessToken generation? Should I place oauth_verifier parameter there? if so, how?*
You are passing consumer key/secret instead of access token/secret.
You can generate your access token/secret at dev.twitter.com.
https://dev.twitter.com/apps ยป create my access token
Best,
Yusuke
I think I figured out what is wrong with the help of the examples 8. Sign in with Twitter and
Adding support for automated tweets with OAuth. Only tested with my own account though ..
Before you redirect to the authorization page, save the whole RequestToken object in a session variable. You will need it to extract the AccessToken. Note: I am storing the TwitterFactory in the application scope - not the instance
<cfset Twitter = application.TwitterFactory.getInstance()>
<cfset Twitter.setOAuthConsumer(application.TwitterConsumerKey, application.TwitterConsumerSecret)>
<cfset Session.RequestToken = Twitter.getOAuthRequestToken( YourCallBackURL )>
On callback, twitter adds a parameter named oauth_verifier to the URL. Use that value and the saved RequestToken to extract the AccessToken.
<cfset AccessToken = Twitter.getOAuthAccessToken(Session.RequestToken, URL.oauth_verifier)>
<cfset session.StoredAccessToken = AccessToken.getToken()>
<cfset session.StoredAccessSecret = AccessToken.getTokenSecret()>
Once you have the AccessToken/Secret you can access user details (update status,...) anywhere.
<cfset Twitter = application.TwitterFactory.getInstance()>
<cfset Twitter.setOAuthConsumer(application.TwitterConsumerKey,application.TwitterConsumerSecret)>
<cfset AccessToken = createObject("java", "twitter4j.auth.AccessToken")>
<cfset OAuthToken = AccessToken.init(session.StoredAccessToken, session.StoredAccessSecret)>
<cfset Twitter.setOAuthAccessToken(OAuthToken)>
<cfset userData = Twitter.verifyCredentials()>
<cfoutput>
id = #userData.getId()#<br>
name = #userData.getName()#<br>
followers = #userData.getFollowersCount()#<br>
friends = #userData.getFriendsCount()#<br>
</cfoutput>