#1
    Registered User, Devshed Newbie (0 - 499 posts)
    Join Date: Mar 2013; Posts: 4; Rep Power: 0

    Problem processing session variables in CF9


    As I am new to all of this and learning on the go, please forgive me if my question seems rather...lame. But I am trying to set a cookie on the host (a CF server), rather than in a domain via the client (WebSphere containing my Java server page), which I could do via JavaScript in a JSP or Java in a servlet.

    But I can't really do these things here, since I need this particular cookie to be set on the host, by the host, since the other cookies being set on the host by the CF application running there are, of course, also set on the host.

    I also cannot do this as an argument to a URL for security reasons. It is a unique user identifier that I'm passing to the other side. So in my mind, setting this information in a session variable seems like my best option to get it over to the other side. Unfortunately, I lack experience working with CF to understand the correct syntax for this.

    Thanks for any and all suggestions.

    Nelson

#2
    Moderator
    Join Date: Jun 2002; Location: Raleigh, NC; Posts: 5,265; Rep Power: 968

    Sorry, but I have no idea what you're asking. Please show some code or explain further.

#3
    Registered User, Devshed Newbie (0 - 499 posts)
    Join Date: Mar 2013; Posts: 4; Rep Power: 0

    Okay, here is some code with some error msgs. I hope this helps to explain better.

    The JSP has:

    //Get an autogenerated session token and return it in argument called "ticket"
    Document doc;
    doc = Jsoup.connect("http://<hostaddr>/index.cfm?FuseAction=Security.Login").get();
    // Find the input tag with the token and extract it
    Elements inputs = doc.select("input[name=token]");
    String token = inputs.attr("value");
    String urlstring = "http://<hostaddr>/index.cfm?FuseAction=Portal.Home&RequiredProfile=1&ticket="; //I cannot also &uuuid= here because it is correctly being ignored on the other side
    urlstring = urlstring + token;

    session.setAttribute("uuuid", "a users email address goes here");

    response.sendRedirect(response.encodeRedirectURL(urlstring));


    On the ColdFusion side I reach this function. This I know for a fact, because using a default
    email address (mine), allows me to log into the system. Of course, I would prefer to pass
    a user's email since I can't have everyone logging in as me now can I? :-) Anyways...

    <cffunction name="Institution_AuthProc" returntype="string">
    <cfargument name="ticket" default="" />

    String sessionvar = session.getAttribute("uuuid") ; //These two lines do not generate an error, but because control is returned elsewhere
    response.write( "The destination is: " + sessionvar ) ; //I can't really say if the session value is correctly being passed here.

    // I do know that this next statement gave me the error listed directly below it (in the CF Logs), and that trying to
    // place <CFSCRIPT> </CFSCRIPT> around the java code above had generated the error (*) also listed below.

    <!---// <cfcookie name=SCL_AUTHDUSER value="#sessionvar#" /> //--->
    Variable STRDESTINATION is undefined.

    (*) function keyword is missing in FUNCTION declaration.<p>The CFML compiler was processing:
    <ul><li>A script statement beginning with String on line 59, column 1.<li>A cfscript tag beginning on line 58, column 2.
    <li>A cfscript tag beginning on line 58, column 2.</ul>


    <cfargument name=uuuid default="a default email address goes here" /> //It's always set to the default I give it, since "ticket" is the only argument that makes it to this function
    <cfcookie name="ticket" value="#trim(Arguments.ticket)#" /> //This is fine
    <cfcookie name=SCL_AUTHDUSER value="#trim(Arguments.uuuid)#" /> //Now the rest of the code that needs this cookie set on the host to allow
    //authentication to complete, can do so because of this statement
    <cfparam name="COOKIE.SA_RETURN" default="index.cfm?FuseAction=Security.InternalLogin" />
    <cflocation url="#COOKIE.SA_Return#" addtoken="no" />
    </cffunction>

    Nelson

#4
    Moderator
    Join Date: Jun 2002; Location: Raleigh, NC; Posts: 5,265; Rep Power: 968

    I'm not really sure what you're asking about with regard to the error about "STRDESTINATION" not being defined, because nothing in your code creates or uses this variable name.

    From what it looks like, you're trying to set a session variable for the user's email on the JSP page. That session variable is only used by the WebSphere app. The CF server is not going to have any access to that variable. It's from a completely different server and/or servlet context.

#5
    Registered User, Devshed Newbie (0 - 499 posts)
    Join Date: Mar 2013; Posts: 4; Rep Power: 0

    Right, sorry about that. That was what the old variable name was. It came from an example I found via googling. For the cut and paste of the actual code, I had changed the name from STRDESTINATION to something that made a little more sense here, which I probably should have done to start with - sessionvar. But the error was for something that was not defined. I thought for sure that to get the value over to the CF side that session data should be used. But if it is as you say, that only WebSphere would recognize session data set on its side, then how do I intermix java statements like these in a CF function? Thanks for taking the time to respond to my questions. Appreciate it.

    Cookie info = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            info = cookies[i];
            String cookiename = info.getName();
            if (cookiename.equals("uniqueuseridentifier")) {
                if (info.getValue().equals("some email address")) {
                    // try to issue <cfcookie here ??? to set it on this host
                    // and then go and kill the previously domain set cookie?
                    info.setMaxAge(0);
                    info.setPath("/");
                    response.addCookie(info);
                }
            }
        }
    }

    Nelson

#6
    Registered User, Devshed Newbie (0 - 499 posts)
    Join Date: Mar 2013; Posts: 4; Rep Power: 0

    Yep...

    Cookie info = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            info = cookies[i];
            String cookiename = info.getName();
            if (cookiename.equals("uuuid")) {
                if (!info.getValue().equals("")) {
                    <cfcookie name=SCL_AUTHDUSER value="#info.getValue()#" />
                    info.setMaxAge(0);
                    info.setPath("/");
                    response.addCookie(info);
                }
            }
        }
    }

    generates this error:

    Variable INFO is undefined. Line: 67

    I was afraid that that would be my error here. Any way around it? Remove the #'s ?? This is where my lack of CF comes into play big time.

    Nelson

#7
    Moderator
    Join Date: Jun 2002; Location: Raleigh, NC; Posts: 5,265; Rep Power: 968

    You can dump the entire cookie structure with <cfdump var="#cookie#">. If you want a specific cookie named "uuuid", just use cookie.uuuid.

#8
    Moderator
    Join Date: Jun 2002; Location: Raleigh, NC; Posts: 5,265; Rep Power: 968

    It's also worth mentioning two things:

    Setting a session variable on the JSP page will not create a cookie in the user's browser unless the JSP app is specifically configured somehow to store session variables in cookies.

    And second, passing the email address in a cookie to log into the other app is no more secure than passing the email address in the URL. A cookie is nothing but plain text and can be easily spoofed.
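
The spoofing point in the last post, shown as an added example that is not from the thread or from either application: for the receiving server to trust an identifier that arrives in a cookie or URL, the value needs a signature the client cannot produce. The example assumes a secret shared by both servers; the key, class and method names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedIdentity {
    // Assumption: a secret provisioned on both servers out of band (constructed sample value).
    private static final byte[] KEY = "sample-shared-secret-change-me".getBytes(StandardCharsets.UTF_8);

    private static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Sending side (the JSP app): bind the identifier to an expiry time and sign both.
    static String issue(String email, long expiresEpochSec) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = enc.encodeToString(email.getBytes(StandardCharsets.UTF_8)) + "." + expiresEpochSec;
        return payload + "." + enc.encodeToString(hmac(payload));
    }

    // Receiving side: returns the email only if the signature matches and the value has not expired.
    static String verify(String token, long nowEpochSec) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        try {
            byte[] sig = Base64.getUrlDecoder().decode(parts[2]);
            byte[] expected = hmac(parts[0] + "." + parts[1]);
            if (!MessageDigest.isEqual(expected, sig)) return null;   // constant-time compare
            if (Long.parseLong(parts[1]) < nowEpochSec) return null;  // expired
            return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {   // bad Base64 or non-numeric expiry
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String token = issue("user@example.com", now + 60);
        System.out.println("valid:    " + verify(token, now));
        // A client that swaps in another identifier cannot produce a matching signature.
        String forgedPayload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("admin@example.com".getBytes(StandardCharsets.UTF_8));
        String forged = forgedPayload + token.substring(token.indexOf('.'));
        System.out.println("tampered: " + verify(forged, now));      // null
        System.out.println("expired:  " + verify(token, now + 3600)); // null
    }
}
```

The expiry bounds how long a captured value can be replayed but does not stop replay inside that window, so the value still needs to travel only over HTTPS.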
